
Subresource Integrity for Django

Project description

Django SRI


Subresource Integrity for Django.

Installation

pip install django-sri

Then add sri to your INSTALLED_APPS.

Usage

Template Tags

Note: By default, integrity hashes are not output when DEBUG is True, as static files change a lot during local development. To override this, set USE_SRI to True.

django-sri is designed to primarily be used through template tags:

{% load sri %}

{% sri_static "index.js" %} <!-- Will output "<script src='/static/index.js' integrity='sha256-...'></script>" -->
{% sri_static "index.css" %} <!-- Will output "<link rel='stylesheet' href='/static/index.css' integrity='sha256-...'/>" -->

For performance, the hashes of files are cached in Django's caching framework. django-sri will attempt to use the "sri" cache, but falls back to "default" if it doesn't exist. Each cache key is the hash of the file path, computed with the specified algorithm and encoded as hex. Cache entries are kept for as long as DEFAULT_TIMEOUT is set to.

Algorithms

The SRI standard supports 3 algorithms: sha256, sha384 and sha512. By default, SHA256 is used. To override this, supply an additional algorithm argument to the sri template tag (or the specific ones):

{% load sri %}

{% sri_static "index.js" algorithm="sha512" %} <!-- Will output "<script src='/static/index.js' integrity='sha512-...'></script>" -->

The default algorithm can be changed by setting SRI_ALGORITHM to the required algorithm.

Additional attributes

To add additional attributes to the output tag (such as async / defer), specify them as additional arguments to the template tag:

{% load sri %}

{% sri_static "index.js" 'defer' 'async' %}
{% sri_static "index.woff2" preload as="font" %}

Just the integrity value

To retrieve just the integrity hash (the contents of the integrity attribute), you can use the {% sri_integrity_static %} tag, which supports the same arguments as the other tags.

{% load sri %}

{% sri_integrity_static "index.js" "sha512" %} <!-- Will output "sha512-..." -->

Supported Files

For automatic tag output, the following files are supported:

  • .js
  • .css

Unknown extensions will emit a link tag with the URL as the href attribute.

sri_integrity_static is unaffected by this limitation.

API

from pathlib import Path
from sri import calculate_integrity, calculate_integrity_of_static, Algorithm

calculate_integrity(Path("/path/to/myfile.txt"))  # "sha256-..."
calculate_integrity_of_static("index.js")  # "sha256-..."

calculate_integrity_of_static("index.js", Algorithm.SHA512)  # "sha512-..."
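
The integrity strings returned above consist of the algorithm name, a hyphen, and the base64-encoded digest of the file. The following is an added example, not django-sri's own code: it computes such a value with the standard library and checks file content against an integrity attribute, as a deploy-time check might. The names integrity_value, matches_integrity and SAMPLE_JS are made up for this example.

```python
import base64
import hashlib

# The three algorithms the SRI standard supports, weakest to strongest.
ALGORITHMS = ("sha256", "sha384", "sha512")

# Constructed sample content standing in for a static file such as index.js.
SAMPLE_JS = b"console.log('hello from index.js');\n"


def integrity_value(content: bytes, algorithm: str = "sha256") -> str:
    """Return '<algorithm>-<base64 digest>' for the given file content."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def matches_integrity(content: bytes, integrity: str) -> bool:
    """Check content against the value of an integrity attribute.

    The attribute may list several space-separated hashes. As in browsers,
    only hashes using the strongest algorithm present are compared, and any
    one of them may match. Tokens with an unknown algorithm are ignored.
    """
    by_algorithm = {}
    for token in integrity.split():
        algorithm, sep, rest = token.partition("-")
        if sep and algorithm in ALGORITHMS:
            # Drop any '?options' suffix the SRI grammar allows after the hash.
            by_algorithm.setdefault(algorithm, []).append(rest.split("?", 1)[0])
    if not by_algorithm:
        # A browser would load the resource unchecked here; a build-time
        # check should fail closed instead.
        return False
    strongest = max(by_algorithm, key=ALGORITHMS.index)
    actual = integrity_value(content, strongest).split("-", 1)[1]
    return actual in by_algorithm[strongest]


if __name__ == "__main__":
    attr = integrity_value(SAMPLE_JS, "sha384")
    print(attr)
    print(matches_integrity(SAMPLE_JS, attr))                # unmodified file
    print(matches_integrity(SAMPLE_JS + b"evil();", attr))   # modified file
```
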

"Does this work with whitenoise or alike?"

Yes. django-sri outputs the static file URL in the same way the built-in static template tag does. This means the correct cache-busted URLs are output.

When using a manifest STATICFILES_STORAGE, django-sri will automatically retrieve the hashed and post-processed file as opposed to the original.

Download files


Source Distribution

django-sri-0.6.0.tar.gz (6.3 kB)

Uploaded Source

Built Distribution

django_sri-0.6.0-py3-none-any.whl (7.2 kB)

Uploaded Python 3

File details

Details for the file django-sri-0.6.0.tar.gz.

File metadata

  • Download URL: django-sri-0.6.0.tar.gz
  • Size: 6.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.8.16

File hashes

Hashes for django-sri-0.6.0.tar.gz
Algorithm Hash digest
SHA256 a1daffb889b940626f347bfa3bb1005029a296e1109e72c5b616d79a76f85c76
MD5 1d07ee2917ed53d0003edad44f870a02
BLAKE2b-256 c215b9f98d3711e4ba86f3c70712ce8de301b00e6e36757cfd27060c1498f686


File details

Details for the file django_sri-0.6.0-py3-none-any.whl.

File metadata

  • Download URL: django_sri-0.6.0-py3-none-any.whl
  • Size: 7.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.8.16

File hashes

Hashes for django_sri-0.6.0-py3-none-any.whl
Algorithm Hash digest
SHA256 cf7b5d45de253873a31c7540b85f9ff6e10405dde8dc1fb6389f5b820405ec22
MD5 4a52d6a2201a021846ad0580e00cddd4
BLAKE2b-256 19e69049017bb8186e9994cf3b2d654b217b42451765e52ce193f87aee63f5f7
