django-webpack-loader Adding CROSSORIGIN & django-csp handling

The crossorigin tag is necessary for cases when the loaded assets have their integrity tag set and the origin of theirs are different from that of the loading page.

Besides, there's a couple improvements in the code as well.

Jul 28 '24 22:07 karolyi

I have more ideas about immensely speeding up this module with utilizing caches, but this'll have to suffice for now.

Jul 29 '24 13:07 karolyi

Hey,

I've already provided test code that test the changes out, and using my fork in a pretty huge project, which was the reason to make the contribution in the first place.

Feel free to add those tests if you want to, this should be good to go either way.

Aug 02 '24 16:08 karolyi

bumperino

Nov 09 '24 15:11 karolyi

Is there any traction on getting this merged? Being able to use a nonce CSP policy would be great.

Feb 03 '25 17:02 davidjayb

@davidjayb try using my fork (https://git.ksol.io/karolyi/django-webpack-loader/) and while you're at it, give a go to my rewritten integrity calculation too so you can test it as well: https://git.ksol.io/karolyi/webpack-bundle-tracker/

Here's to hoping for a quick merge, but to be honest I gave up on having the latter merged after being called names.

Feb 03 '25 18:02 karolyi

I've deleted the repo on here from which I initiated the PR.

The repo with the modifications can still be found at https://git.ksol.io/karolyi/django-webpack-loader/, should anyone need it.

Also there is a setuptools error which I've fixed over there.

Mar 24 '25 17:03 karolyi

How to use my fork in requirements.txt, in case you want to use it:

django-webpack-loader @ git+https://git.ksol.io/karolyi/django-webpack-loader.git@9c6f1030b5281ce4a80e458ee8ee2b11cb517bdf

That is the latest commit, but probably you can just go with @master at the end, as in:

django-webpack-loader @ git+https://git.ksol.io/karolyi/django-webpack-loader.git@master

Mar 24 '25 17:03 karolyi