From ffecd1411be305e48b5c8f5f05c17ac9bc99f849 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa
Date: Sat, 15 Nov 2025 20:22:40 -0800
Subject: [PATCH] jsxc: Update content security policy to prevent style errors
- Without the CSP, during loading there are no errors in the console. However, during chatting, some styling related error show up.
Tests:
- Ensure that there are no CSP related errors in the browser console.
Reviewed-by: James Valleroy
---
 plinth/modules/jsxc/views.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/plinth/modules/jsxc/views.py b/plinth/modules/jsxc/views.py
index 1e51bb416..9cda09bec 100644
--- a/plinth/modules/jsxc/views.py
+++ b/plinth/modules/jsxc/views.py
@@ -1,10 +1,13 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later
 """Views for the JSXC module."""
+import copy
+
 from django.http import Http404
 from django.views.generic import TemplateView
 import plinth.app as app_module
+from plinth.middleware import CONTENT_SECURITY_POLICY
 from plinth.modules.names.components import DomainName
@@ -12,6 +15,14 @@ class JsxcView(TemplateView):
 """A simple page to embed Javascript XMPP Client library."""
 template_name = 'jsxc_launch.html'
+ headers: dict[str, str] = {}
+
+ def __init__(self, **kwargs):
+ """Initialize the view and set CSP."""
+ super().__init__(**kwargs)
+ csp = copy.copy(CONTENT_SECURITY_POLICY)
+ csp['style-src'] = "'self' 'unsafe-inline'"
+ self.headers['Content-Security-Policy'] = csp.get_header_value()
 def dispatch(self, request, *args, **kwargs):
 """Don't serve the view when app is disabled."""
@@ -26,3 +37,8 @@ class JsxcView(TemplateView):
 context = super().get_context_data(*args, **kwargs)
 context['domain_name'] = DomainName.list_names()[0]
 return context
+
+ def get(self, request, *args, **kwargs):
+ """Handle GET request and return a response object."""
+ context = self.get_context_data(**kwargs)
+ return self.render_to_response(context, headers=self.headers)
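Review bot: `headers: dict[str, str] = {}` in `JsxcView` is a class attribute, and `__init__` writes into it with `self.headers[...] = ...`, so every instance mutates one dict shared by the class and any subclass; assigning a fresh dict per instance, `self.headers = {'Content-Security-Policy': csp.get_header_value()}`, keeps headers from leaking between requests if a second entry is ever added. The `csp['style-src'] = "'self' 'unsafe-inline'"` line also deserves a comment such as `# JSXC sets inline styles while chatting; relaxation is limited to this view`, because this page renders content from remote XMPP contacts and `'unsafe-inline'` removes the CSP barrier against injected styles there. If the console errors come only from `style` attributes, the narrower `style-src-attr 'unsafe-inline'` may be enough, though that needs checking against the browsers the project supports. Whether `copy.copy()` keeps the assignment from reaching the shared `CONTENT_SECURITY_POLICY` object depends on that class, which is not visible in this patch, and the class body continues outside the hunk.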