Refused to apply inline style because it violates the following Content Security Policy directive #191

Open
LoFenk opened this issue Nov 11, 2023 · 8 comments

LoFenk commented Nov 11, 2023

I'm (perhaps unwittingly) using some pretty restrictive CSP settings, requiring a nonce for inline scripts and styles. I'm getting three errors related to this:

Refused to apply inline style because it violates the following Content Security Policy directive: "style-src <edited out> Either the 'unsafe-inline' keyword, a hash (<edited out>), or a nonce ('nonce-...') is required to enable inline execution.

Two errors like this for style and one for script.

I went ahead and played in the code of the package locally, and added:
nonce={{ CSP_NONCE }}
in report.html at lines 6 and 64, within the script and style tags respectively, and it resolved 2 out of the 3 errors. I'm not sure where the 3rd error is coming from but it might be from the inline styles elsewhere.

Is there a more elegant way around that?

Contributor

claudep commented Nov 11, 2023

In my opinion, the better resolution would be to take JS and CSS out of the templates and provide linkcheck JS/CSS files that would be included in base_linkcheck.html. Are you interested in starting this work yourself?

Author

LoFenk commented Nov 12, 2023

Sure, I'd be happy to contribute. I'll find some time and take care of it - may reach out to you privately for some questions.

Author

LoFenk commented Nov 15, 2023

Hi Claudep,

I'm in the code and have two questions for you:

1 - So it appears there's this inline style that appears because base extends admin/changelists.html.

<style>
  #changelist table thead th:first-child {width: inherit}
</style>

If you look here:
https://github.com/django/django/blob/main/django/contrib/admin/templates/admin/change_list.html
there's this little bit that's to blame.

  {% if not actions_on_top and not actions_on_bottom %}
    <style>
      #changelist table thead th:first-child {width: inherit}
    </style>
  {% endif %}

I don't know enough about what admin/changelist does to fix that. Let me know if you have an idea.

2 - I noticed that the tables don't come out clean in the reports because each row is a table. While I'm at it, do you mind if I pull that table tag out of the loop so it's a single table with a single set of bold tags at the very top of the table - and then repeating, but more discreet (perhaps non-bolded italic), td tags with each object?

Let me know.
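An added example, not part of the thread or of the project's code: a small checker that scans rendered HTML for the inline content a nonce-based `script-src`/`style-src` policy refuses, including `<style>` blocks inherited from a parent template and `style="..."` attributes, which a nonce never covers. The nonce value, the sample markup and the static file path are constructed for illustration.

```python
from html.parser import HTMLParser


class InlineFinder(HTMLParser):
    """Collect inline script/style that a nonce-based CSP would refuse."""

    def __init__(self, nonce):
        super().__init__()
        self.nonce = nonce
        self.findings = []  # list of (line, description)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        line = self.getpos()[0]
        if tag == "style" and attrs.get("nonce") != self.nonce:
            self.findings.append((line, "style element without valid nonce"))
        if tag == "script" and "src" not in attrs and attrs.get("nonce") != self.nonce:
            self.findings.append((line, "inline script without valid nonce"))
        # A nonce only authorises <script>/<style> elements, never attributes.
        if "style" in attrs:
            self.findings.append((line, f"style attribute on <{tag}>"))
        for name in attrs:
            if name.startswith("on"):
                self.findings.append((line, f"{name} handler on <{tag}>"))


def find_inline_violations(html, nonce):
    """Return (line, description) pairs for content the policy would block."""
    finder = InlineFinder(nonce)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: two nonced blocks, the un-nonced <style> quoted in the
# thread, one style attribute, and one external script (hypothetical path).
SAMPLE = """<html><head>
<script nonce="r4nd0m">var x = 1;</script>
<style nonce="r4nd0m">.ok {color: green}</style>
<style>
  #changelist table thead th:first-child {width: inherit}
</style>
</head><body>
<table><tr><td style="width: 40%">link</td></tr></table>
<script src="/static/linkcheck/report.js"></script>
</body></html>"""

if __name__ == "__main__":
    for line, kind in find_inline_violations(SAMPLE, "r4nd0m"):
        print(f"line {line}: {kind}")
```

Run against the fully rendered page rather than a single template file, so that blocks contributed by extended templates are included.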

Contributor

claudep commented Nov 15, 2023

> I don't know enough about what admin/changelist does to fix that. Let me know if you have an idea.

Difficult to say. Looks like this targets the first checkbox that is used to select all lines. I guess you can try by setting ModelAdmin.actions_on_top and ModelAdmin.actions_on_bottom to False on some admin model, then see what happens if this line is removed. I'm sure Django devs would be open to removing that if this is no longer useful, or moving that into a CSS file (by conditionally setting a specific class).

> While I'm at it, do you mind if I pull that table tag out of the loop so it's a single table...

Please do, as long as no regressions happen. Maybe in a separate commit or PR.

Contributor

timobrembeck commented Nov 15, 2023

> While I'm at it, do you mind if I pull that table tag out of the loop so it's a single table...
>
> Please do, as long as no regressions happen. Maybe in a separate commit or PR.

I didn't follow the whole discussion, but is this related to the main linkcheck table? If so, any work done here would be superfluous after #189 is merged, right?
Sorry for abandoning this project for so long, but now I have more time again to finish my PRs.

Author

LoFenk commented Nov 15, 2023

Yeah, that would most likely fix at least part of the CSP issue I'm having - and would also make it unnecessary to fiddle with the table. I'm pretty much done with moving the static files and was going to send the PR today - but if you prefer I can wait for your PR to go through first. Let me know.

Author

LoFenk commented Nov 15, 2023

Hey, sorry about the change of heart - I had the code open and don't like leaving things unfinished so I just finished it off and sent a pull request. This way, if you decide to move on with #189 - then you can do it in your own time.

Also - now that everything renders as it should, the table is nice and straight (I was seeing the tables with uneven ends, but it turns out it had to do with some styles not being loaded) so I don't think there's any need to further fiddle with that on my part.

Hope that works, let me know if there are any issues with the provided changes.

Contributor

claudep commented Nov 15, 2023

Sorry, I totally forgot about the existing PR. Aging... 💀
