Recently, I deployed a Django web app. However, when I’m accessing the admin page, I’m not getting the expected interface to add or remove a user from a certain group:
At the of inspecting the page, I’m receiving the following messages:
any idea about how to handle these errros?
Thanks!
Advertisement
Answer
Content Security Policies are usually controlled via middleware like django-csp. All the admin control JavaScript files are included as static files, no external libraries should be loaded, they should be on the same domain.
In order for CSP to allow to load these files, you need to add script-src 'self' (it’s an alias for same-origin). Look inside settings.py for CSP_SCRIPT_SRC keyword and append 'self' (single quotation marks are required).
Note: if CSP headers are added not by Django, but by reverse proxy, like nginx, then you should look and fix configuration settings there.