Add ability to configure graphiql version.

Introduces 3 new settings that will be used when rendering the template:

GRAPHIQL_VERSION = Version number string
GRAPHIQL_VERSION_JS_SRI = String value of file hash for js file.
GRAPHIQL_VERSION_CSS_SRI = String value of file hash for css file.

Sets current default value of GraphIQL to 1.4.7

This is the minimum version that addresses and XSS vulnerability.

https://github.com/graphql/graphiql/blob/main/docs/security/2021-introspection-schema-xss.md

graphene_django/settings.py

@@ -43,6 +43,14 @@ DEFAULTS = {
     "GRAPHIQL_SHOULD_PERSIST_HEADERS": False,
     "ATOMIC_MUTATIONS": False,
     "TESTING_ENDPOINT": "/graphql",
+    "GRAPHIQL_VERSION": "1.4.7",
+    "GRAPHIQL_VERSION_JS_SRI": (
+        "sha384-sDK9xvE5fVRiyOv5lVbh5UuWUMkwvU3G67VYzLX2G1WMIeQ7fKOLCmeKnzfrukdv"
+    ),
+    "GRAPHIQL_VERSION_CSS_SRI": (
+        "sha384-1YHEU+Xy8hlKYAZ26WTz+JQEPMM6i/Mx5m8umMkSZChlzSYmq7RqyCyRbGqrILVZ"
+    ),
+
 }
 
 if settings.DEBUG:

graphene_django/views.py

@@ -66,9 +66,9 @@ class GraphQLView(View):
     react_dom_sri = "sha256-nbMykgB6tsOFJ7OdVmPpdqMFVk4ZsqWocT6issAPUF0="
 
     # The GraphiQL React app.
-    graphiql_version = "1.4.1"  # "1.0.3"
+    graphiql_version = graphene_settings.GRAPHIQL_VERSION
-    graphiql_sri = "sha256-JUMkXBQWZMfJ7fGEsTXalxVA10lzKOS9loXdLjwZKi4="  # "sha256-VR4buIDY9ZXSyCNFHFNik6uSe0MhigCzgN4u7moCOTk="
+    graphiql_sri = graphene_settings.GRAPHIQL_VERSION_JS_SRI
-    graphiql_css_sri = "sha256-Md3vdR7PDzWyo/aGfsFVF4tvS5/eAUWuIsg9QHUusCY="  # "sha256-LwqxjyZgqXDYbpxQJ5zLQeNcf7WVNSJ+r8yp2rnWE/E="
+    graphiql_css_sri = graphene_settings.GRAPHIQL_VERSION_CSS_SRI
 
     # The websocket transport library for subscriptions.
     subscriptions_transport_ws_version = "0.9.18"