skorotkiewicz/rDrama
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Clean up CSP a little more to work properly with Analytics. (#698)

Browse source
This commit is contained in:
Ben Rog-Wilhelm 2023-09-11 02:24:16 -05:00 committed by GitHub
parent 75edfe8b31
commit 7b12fba945
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 4 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
files/routes/allroutes.py
View file

@ -52,10 +52,10 @@ def teardown_request(error):
@app.after_request
def after_request(response: Response):
response.headers.add("Content-Security-Policy", (
"script-src 'self' 'unsafe-inline';"
" connect-src 'self' *.google-analytics.com *.analytics.google.com;"
" object-src 'none';"
" img-src 'self' *.google-analytics.com *.analytics.google.com"
" script-src: 'self' https://*.googletagmanager.com"
" img-src: https://*.google-analytics.com https://*.googletagmanager.com"
" connect-src: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com"
" object-src: 'none'"
))
response.headers.add("Strict-Transport-Security", "max-age=31536000")
response.headers.add("X-Frame-Options", "deny")