integrate nonce argument into register_notify_callbacks

2026-05-09 13:54:44 +00:00 · 2021-01-15 14:41:43 +11:00 · 2021-01-15 14:41:43 +11:00 · 3ce7e31054
commit 3ce7e31054
parent c401e69501
3 changed files with 9 additions and 4 deletions
--- a/notifications/templatetags/notifications_tags.py
+++ b/notifications/templatetags/notifications_tags.py
@ -52,7 +52,9 @@ def register_notify_callbacks(badge_class='live_notify_badge',  # pylint: disabl
                              refresh_period=15,
                              callbacks='',
                              api_name='list',
-                              fetch=5):
+                              fetch=5,
+                              nonce=None
+                              ):
    refresh_period = int(refresh_period) * 1000

    if api_name == 'list':
@ -79,7 +81,10 @@ def register_notify_callbacks(badge_class='live_notify_badge',  # pylint: disabl
        fetch_count=fetch
    )

-    script = "<script>" + definitions
+    # add a nonce value to the script tag if one is provided
+    nonce_str = f' nonce="{nonce}"' if nonce is not None else ""
+
+    script = f'<script type="text/javascript"{nonce_str}>' + definitions
    for callback in callbacks.split(','):
        script += "register_notifier(" + callback + ");"
    script += "</script>"
--- a/notifications/tests/templates/test_live.html
+++ b/notifications/tests/templates/test_live.html
@ -2,7 +2,7 @@

 <script src="{% static 'notifications/notify.js' %}" type="text/javascript"></script>
 <script src="{% static 'notifications/live-test.js' %}" type="text/javascript"></script>
-{% register_notify_callbacks callbacks='fill_notification_list,fill_notification_badge' fetch=20 refresh_period=5 %}
+{% register_notify_callbacks callbacks='fill_notification_list,fill_notification_badge' fetch=20 refresh_period=5 nonce='{{nonce}}' %}

 There are this many notifications pending: {% live_notify_badge %}

--- a/notifications/tests/tests.py
+++ b/notifications/tests/tests.py
@ -436,7 +436,7 @@ class NotificationTestPages(TestCase):
        request = factory.get('/notification/live_updater')
        request.user = self.to_user

-        render(request, 'notifications/test_tags.html', {'request': request})
+        render(request, 'notifications/test_tags.html', {'request': request, 'nonce': 'nonce-T5esDNXMnDe5lKMQ6ZzTUw=='})

        # TODO: Add more tests to check what is being output.