Metadata-Version: 2.1
Name: django-sri
Version: 0.1.2
Summary: Subresource Integrity for Django
Home-page: https://github.com/RealOrangeOne/django-sri
Author: Jake Howard
License: BSD
Description: # Django SRI
        
        ![CI](https://github.com/RealOrangeOne/django-sri/workflows/CI/badge.svg)
        ![PyPI](https://img.shields.io/pypi/v/django-sri.svg)
        ![PyPI - Python Version](https://img.shields.io/pypi/pyversions/django-sri.svg)
        ![PyPI - Status](https://img.shields.io/pypi/status/django-sri.svg)
        ![PyPI - License](https://img.shields.io/pypi/l/django-sri.svg)
        
        
        [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) for Django.
        
        
        ## Installation
        
        ```
        pip install django-sri
        ```
        
        And add `sri` to your `INSTALLED_APPS`.
        
        ## Usage
        
        `django-sri` is designed to be used through template tags:
        
        ```html
        {% load sri %}
        
        {% sri "index.js" %} <!-- Will output "<script src='/static/index.js' integrity='sha256-...'></script>" -->
        {% sri "index.css" %} <!-- Will output "<link rel='stylesheet' href='/static/index.css' integrity='sha256-...'/>" -->
        ```
        
        Specific tags are also available:
        
        ```html
        {% load sri %}
        
        {% sri_js "index.js" %} <!-- Will output "<script src='/static/index.js' integrity='sha256-...'></script>" -->
        {% sri_css "index.css" %} <!-- Will output "<link rel='stylesheet' href='/static/index.css' integrity='sha256-...'/>" -->
        ```
        
        For performance, the hashes of files are cached in memory using [`lru_cache`](https://docs.python.org/3/library/functools.html#functools.lru_cache) for future requests.
        
        __Note__: By default, integrity hashes are not output when `DEBUG` is `True`, as static files change a lot during local development. To override this, set `USE_SRI` to `True`.
        
        ### Algorithms
        
        The SRI standard supports 3 algorithms: sha256, sha384 and sha512. By default, SHA256 is used. To override this, supply an additional argument to the `sri` template tag (or the specific ones):
        
        ```html
        {% load sri %}
        
        {% sri "index.js" "sha512" %} <!-- Will output "<script src='/static/index.js' integrity='sha512-...'></script>" -->
        ```
        
        The default algorithm can be changed by setting `SRI_ALGORITHM` to the required algorithm.
        
        ### Just the integrity value
        
        To retrieve just the integrity hash (the contents of the `integrity` attribute), you can use the `{% sri_integrity %}` tag, which supports the same arguments as the other tags.
        
        ### _"Does this work with [whitenoise](https://whitenoise.evans.io/en/stable/) or alike?"_
        
        Yes. `django-sri` outputs the static file URL in the same way the builtin `static` template tag does. This means the correct cachebusted URLs are output.
        
Keywords: django subresource integrity sri
Platform: UNKNOWN
Classifier: Environment :: Web Environment
Classifier: Framework :: Django
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: BSD License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Software Development
Classifier: Typing :: Typed
Requires-Python: >=3.6
Description-Content-Type: text/markdown
