Adding CROSSORIGIN & django-csp handling

[karolyi]

The crossorigin tag is necessary for cases when the loaded assets have their integrity tag set and the origin of theirs are different from that of the loading page.

Besides, there's a couple improvements in the code as well.

[karolyi]

I have more ideas about immensely speeding up this module with utilizing caches, but this'll have to suffice for now.

[fjsj]

Overall LGTM, but we need more tests for the new code, including error conditions.

[karolyi]

Hey,

I've already provided test code that test the changes out, and using my fork in a pretty huge project, which was the reason to make the contribution in the first place.

Feel free to add those tests if you want to, this should be good to go either way.

[karolyi]

bumperino

[davidjayb]

Is there any traction on getting this merged? Being able to use a nonce CSP policy would be great.

[karolyi]

@davidjayb try using my fork (https://git.ksol.io/karolyi/django-webpack-loader/) and while you're at it, give a go to my rewritten integrity calculation too so you can test it as well: https://git.ksol.io/karolyi/webpack-bundle-tracker/

Here's to hoping for a quick merge, but to be honest I gave up on having the latter merged after being called names.

[karolyi]

I've deleted the repo on here from which I initiated the PR.

The repo with the modifications can still be found at https://git.ksol.io/karolyi/django-webpack-loader/, should anyone need it.

Also there is a setuptools error which I've fixed over there.

[karolyi]

How to use my fork in requirements.txt, in case you want to use it:

django-webpack-loader @ git+https://git.ksol.io/karolyi/django-webpack-loader.git@9c6f1030b5281ce4a80e458ee8ee2b11cb517bdf

That is the latest commit, but probably you can just go with @master at the end.