
Django smart select doesn't work with Django CSP


I admit that I am truly a beginner in this area. I made a database driven website with django.

Models.py:

from django.db import models
from smart_selects.db_fields import ChainedForeignKey


# Create your models here.
class Company(models.Model):
    ID = models.AutoField(primary_key=True, unique=True)
    soc_name = models.CharField(max_length=100)
    phone = models.CharField(max_length=100, blank=True)

    class Meta:
        ordering = ('soc_name',)

    def __str__(self):
        return self.soc_name


class Plant(models.Model):
    ID = models.AutoField(primary_key=True)
    name = models.CharField(max_length=100)
    company_id = models.ForeignKey(Company, on_delete=models.CASCADE)

    class Meta:
        ordering = ('name',)

    def __str__(self):
        return self.name


class Interventions(models.Model):
    ID = models.AutoField(primary_key=True)
    start_date = models.DateField()
    description = models.TextField()
    company_id = models.ForeignKey(Company, on_delete=models.CASCADE)
    # The plant choices are filtered by the company selected above.
    plant_id = ChainedForeignKey(
        Plant,
        chained_field="company_id",        # field on this model
        chained_model_field="company_id",  # matching field on Plant
        show_all=False,
        auto_choose=True,
        sort=True)

    def __str__(self):
        return str(f"{self.start_date}, {self.plant_id}")

I used Django-Smart-Selects so that in the Interventions form, when a Company is selected, the combo box of the Plants (which belong to the respective Companies) is automatically filtered. Here is an image to make it easier to understand: [image]

Up to here everything works perfectly. So I tried adding Content Security Policies (CSP) to my site. To do this, I added these lines of code to the Settings.py file:

MIDDLEWARE = [
     # [...]
     'csp.middleware.CSPMiddleware',
]

CSP_DEFAULT_SRC = ("'none'",)
CSP_STYLE_SRC = ("'unsafe-inline'", "https:")
CSP_SCRIPT_SRC = ("'self'",)
CSP_FONT_SRC = ("'self'",)
CSP_IMG_SRC = ("'self'",)

The problem is that when I add CSP protection, Django-Smart-Selects stops working. I tried to analyze the operation and characteristics of the Plant combobox but apparently nothing changes with or without CSP.

Could someone give me some advice?

It's probably something trivial but I can't understand given my inexperience. I tried searching on the internet, but it seems that no one until now has come across this problem.

Sorry for the bad English.

Many thanks to all.


Solution

  • Finally, calmly analyzing the errors present in the console of my website page, I managed to find the solution. Basically, for some reason that I couldn't fully understand, the CSP protection conflicted with the scripts that made Django-Smart-Selects work. So here are the changes to the Settings.py worksheet I made that now make Django-Smart-Selects work correctly:

    CSP_SCRIPT_SRC = (
        "'self'",
        "https://code.jquery.com/jquery-3.6.0.min.js",
        "https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js",
        "https://www.googletagmanager.com/gtag/js?id=[...]",
    )
    

    Thank you all anyway for your patience and availability.
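
What changed between the question's `CSP_SCRIPT_SRC` and the answer's, shown as an added example that is not part of the original post: a simplified model of how a browser matches a script URL against CSP source expressions. The origin `https://example.test`, the `/static/app.js` path and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# script-src before and after the fix on this page (the googletagmanager entry
# is omitted because its id is elided on the page).
BEFORE = ("'self'",)
AFTER = ("'self'", "https://code.jquery.com/jquery-3.6.0.min.js",
         "https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js")

# Constructed sample: script URLs a page might request; the origin is hypothetical.
ORIGIN = "https://example.test"
SCRIPTS = [
    ORIGIN + "/static/app.js",
    "https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js",
    "https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js",
]

def source_matches(source, url, origin=ORIGIN):
    """Simplified CSP source match: no nonces, hashes, ports or redirects."""
    u, o = urlsplit(url), urlsplit(origin)
    if source == "'self'":
        return (u.scheme, u.netloc) == (o.scheme, o.netloc)
    if source.startswith("'"):      # other keywords do not match by URL
        return False
    if source.endswith(":"):        # scheme-source such as https:
        return u.scheme == source[:-1]
    s = urlsplit(source if "://" in source else f"{o.scheme}://{source}")
    if u.scheme != s.scheme and (s.scheme, u.scheme) != ("http", "https"):
        return False
    host, target = s.hostname or "", u.hostname or ""
    if host.startswith("*."):       # wildcard covers subdomains only
        if not target.endswith(host[1:]):
            return False
    elif host != target:
        return False
    if not s.path:                  # no path-part: whole host is allowed
        return True
    if s.path.endswith("/"):        # trailing slash: prefix match
        return u.path.startswith(s.path)
    return u.path == s.path         # otherwise the path must match exactly

def blocked(policy, urls=SCRIPTS, origin=ORIGIN):
    """Return the URLs that no source expression in the policy allows."""
    return [u for u in urls
            if not any(source_matches(s, u, origin) for s in policy)]

if __name__ == "__main__":
    for name, policy in (("before", BEFORE), ("after", AFTER)):
        print(name, "blocks:", blocked(policy))
```

Because the allowlist entries name full file paths, a different jQuery version on the same host is still blocked; a source ending in `/` would match everything under that directory instead.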