Subresource Integrity for Django

Project description

Django SRI

Subresource Integrity for Django.

Installation

pip install django-sri

Then add sri to your INSTALLED_APPS.

Usage

Template Tags

Note: By default, integrity hashes are not output when DEBUG is True, as static files change a lot during local development. To override this, set USE_SRI to True.

django-sri is designed to primarily be used through template tags:

{% load sri %}

{% sri_static "index.js" %} <!-- Will output "<script src='/static/index.js' integrity='sha256-...'></script>" -->
{% sri_static "index.css" %} <!-- Will output "<link rel='stylesheet' href='/static/index.css' integrity='sha256-...'/>" -->

For performance, the hashes of files are cached in memory using lru_cache for future requests.

Algorithms

The SRI standard supports three algorithms: sha256, sha384 and sha512. By default, sha256 is used. To override this, supply the algorithm name as an additional argument to the sri template tag (or the specific ones):

{% load sri %}

{% sri_static "index.js" "sha512" %} <!-- Will output "<script src='/static/index.js' integrity='sha512-...'></script>" -->

The default algorithm can be changed by setting SRI_ALGORITHM to the required algorithm.

Just the integrity value

To retrieve just the integrity hash (the contents of the integrity attribute), you can use the {% sri_integrity_static %} tag, which supports the same arguments as the other tags.

{% load sri %}

{% sri_integrity_static "index.js" "sha512" %} <!-- Will output "sha512-..." -->

Supported Files

For automatic tag output, the following files are supported:

  • .js
  • .css

sri_integrity_static is unaffected by this limitation.

API

from sri import calculate_integrity

calculate_integrity("/path/to/myfile.txt")  # "sha256-..."
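
What the "sha256-..." value consists of, shown as an added example that is not django-sri's own code: the algorithm name, a hyphen, and the base64-encoded digest of the file's bytes. It also checks content against an integrity attribute, which is useful for confirming that a deployed file still matches the value rendered into a template. The names integrity_for and matches_integrity and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib

# Algorithms the SRI standard supports, ordered weakest to strongest.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def integrity_for(content: bytes, algorithm: str = "sha256") -> str:
    """Return '<algorithm>-<base64 digest>' for the given bytes."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def matches_integrity(content: bytes, integrity: str) -> bool:
    """Check bytes against the value of an integrity attribute.

    The attribute may hold several space-separated hashes. As in browsers,
    only hashes using the strongest algorithm present are considered and any
    one of them may match. Unlike a browser, an attribute with no usable
    hash is reported here as a failure rather than skipped.
    """
    candidates = []
    for token in integrity.split():
        algorithm, sep, value = token.partition("-")
        if sep and algorithm in SRI_ALGORITHMS:
            # Drop any "?options" suffix after the base64 value.
            candidates.append((algorithm, value.split("?", 1)[0]))
    if not candidates:
        return False
    strongest = max((a for a, _ in candidates), key=SRI_ALGORITHMS.index)
    expected = integrity_for(content, strongest).partition("-")[2]
    return any(v == expected for a, v in candidates if a == strongest)


# Constructed sample: the bytes of a tiny script, not a real project file.
SAMPLE_JS = b"console.log('hello');\n"

if __name__ == "__main__":
    value = integrity_for(SAMPLE_JS, "sha384")
    print(value)
    print(matches_integrity(SAMPLE_JS, value))          # unchanged file
    print(matches_integrity(SAMPLE_JS + b"//", value))  # modified file
```

A file that was edited after its hash was rendered, for example by a build step or a CDN transform, fails this check in the same way the browser would refuse to load it.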

"Does this work with whitenoise or similar?"

Yes. django-sri outputs the static file URL in the same way the builtin static template tag does. This means the correct cache-busted URLs are output.

Download files

Source Distribution

django-sri-0.3.0.tar.gz (4.1 kB)

Uploaded Source

Built Distribution

django_sri-0.3.0-py3-none-any.whl (5.3 kB)

Uploaded Python 3

File details

Details for the file django-sri-0.3.0.tar.gz.

File metadata

  • Download URL: django-sri-0.3.0.tar.gz
  • Upload date:
  • Size: 4.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.6.1 requests/2.25.0 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.54.1 CPython/3.8.6

File hashes

Hashes for django-sri-0.3.0.tar.gz
Algorithm Hash digest
SHA256 961e316c0663d2b277a60f677bae3bed451a26f045129eddf09827f98fe00b86
MD5 4d0b67d40db43bcf735931ed9647ddc7
BLAKE2b-256 8efb97e07accb1edc967987f5a17871de9160d079b401107e4537ded5c78e0ac

File details

Details for the file django_sri-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: django_sri-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 5.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.6.1 requests/2.25.0 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.54.1 CPython/3.8.6

File hashes

Hashes for django_sri-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 9fa50b4b41b4cc3e8072d1bc4a60a81e38fd95698aed115d2f56f3d7e83a6877
MD5 ea9641e7f39b0b9cdc5a7bd82dbd721a
BLAKE2b-256 3fe7572537941da46ee5a0082a1c7270e213669beb63ecacfdb246a3bf3f8a07
