Subresource Integrity for Django

Django SRI

Subresource Integrity for Django.

Installation

pip install django-sri

Then add sri to your INSTALLED_APPS.

Usage

Template Tags

Note: By default, integrity hashes are not output when DEBUG is True, as static files change a lot during local development. To override this, set USE_SRI to True.

django-sri is designed to primarily be used through template tags:

{% load sri %}

{% sri_static "index.js" %} <!-- Will output "<script src='/static/index.js' integrity='sha256-...'></script>" -->
{% sri_static "index.css" %} <!-- Will output "<link rel='stylesheet' href='/static/index.css' integrity='sha256-...'/>" -->

For performance, file hashes are cached in Django's caching framework. django-sri attempts to use the "sri" cache, and falls back to "default" if it doesn't exist. Each cache key is the hex digest of the file path, computed with the specified algorithm. Cache entries are kept for the duration set by DEFAULT_TIMEOUT.

Algorithms

The SRI standard supports 3 algorithms: sha256, sha384 and sha512. By default, SHA256 is used. To override this, supply an additional argument to the sri template tag (or the specific ones):

{% load sri %}

{% sri_static "index.js" "sha512" %} <!-- Will output "<script src='/static/index.js' integrity='sha512-...'></script>" -->

The default algorithm can be changed by setting SRI_ALGORITHM to the required algorithm.

Just the integrity value

To retrieve just the integrity hash (the contents of the integrity attribute), you can use the {% sri_integrity_static %} tag, which supports the same arguments as the other tags.

{% load sri %}

{% sri_integrity_static "index.js" "sha512" %} <!-- Will output "sha512-..." -->

Supported Files

For automatic tag output, the following files are supported:

  • .js
  • .css

sri_integrity_static is unaffected by this limitation.

API

from pathlib import Path
from sri import calculate_integrity, calculate_integrity_of_static, Algorithm

calculate_integrity(Path("/path/to/myfile.txt"))  # "sha256-..."
calculate_integrity_of_static("index.js")  # "sha256-..."

calculate_integrity_of_static("index.js", Algorithm.SHA512)  # "sha512-..."

"Does this work with whitenoise or alike?"

Yes. django-sri outputs the static file URL in the same way the builtin static template tag does. This means the correct cachebusted URLs are output.

Download files

Source Distribution

django-sri-0.4.0.tar.gz (5.6 kB)

Built Distribution

django_sri-0.4.0-py3-none-any.whl (6.6 kB)
