oTree Forum >

Custom Middlewares

#1 by tyhayeswbs

Hi oTree team,

I'm looking to add custom middlewares to the oTree application.  Is there any support for this in oTree 5?  I can't currently see anything in the documentation for it, though I may have overlooked it.

For added context: I run oTree on an in-house server in my institution for various reasons (e.g. collaborations with industry partners that contractually require all data to be kept locally and not shared with third parties), so moving to hosting on oTree hub is not currently an option for us. If it's not supported/possible, I am comfortable forking the oTree framework code and adapting it myself but I don't want to go to that extent if I don't need to.

Thanks in advance


#2 by xindamate_xyz

There is a question, what’s the effect of the middleware. And how you gonna to use it.


#3 by tyhayeswbs

I've been asked by our IT security team to tighten up the CSP on my experiment server, so I'm trying to eliminate the need for 'unsafe-inline' script-src and style-src. 

So I'm looking for a middlewsre that will automatically inject nonces into the rendered output and headers. (As removing everything to static files or including hashes doesn't work due to the injection of certain variables in some of the core otree templates.)

My backup solution involves moving those variables to disabled hidden inputs and grabbing the values via jquery so I can hash the script block. But that feels a bigger and more fragile change.


Write a reply

Set forum username