code, games, etc.

Getting Django-debug-toolbar to Play Nice With Playdoh and Django-csp

If you’re working on a project based on the wonderful playdoh project template, and try to use the also-wonderful django-debug-toolbar library to help track down a bug or see what queries are being run, you’ll find that the two do not play nice. Similarly, you might be using django-csp; you’ll find that there are issues using that with django-debug-toolbar as well.

I’ve hit this issue before myself, and just helped a coworker deal with the exact same issue. Luckily, the fixes for each are easy.

Playdoh

When using django-debug-toolbar with playdoh, you may encounter an error that says “Encountered unknown tag ‘load’.”.

The issue here is that playdoh uses the jinja2 templating language, while django-debug-toolbar uses standard django templates. To fix this, you need to tell jingo, playdoh’s adapter for using jinja2, to ignore using jinja2 for rendering the toolbar. Add this to your local settings file:

1
2
3
JINGO_EXCLUDE_APPS += [
    'debug_toolbar',
]

This applies to any app that doesn’t support jinja2 templates. Just add the app’s name to JINGO_EXCLUDE_APPS, and you’re set!

django-csp

A different sort’ve issue pops up with django-csp. If you use the library with django-debug-toolbar, you will notice that the toolbar doesn’t appear at all. What happens is that django-debug-toolbar injects <script> tags into every page in order to activate the toolbar. These scripts contain inline Javascript, which django-csp disables by default. Thus, no toolbar.

Again, the fix is easy. You can temporarily disable this restriction while you’re debugging with the following in your local settings file:

1
CSP_OPTIONS = ('inline-script', 'eval-script')

Be sure not to run this on your production website! This disables the protection that CSP provides against certain attacks, like XSS. That’s why using settings/local.py in playdoh is a good idea.