skorotkiewicz/rDrama
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Actually clean this up *properly*.

Browse source
This commit is contained in:
Ben Rog-Wilhelm 2023-09-11 03:09:44 -05:00
parent b345a62dbb
commit 9edfb64c08
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
files/routes/allroutes.py
View file

@ -52,11 +52,11 @@ def teardown_request(error):
@app.after_request
def after_request(response: Response):
response.headers.add("Content-Security-Policy", ("""
script-src 'self' https://*.googletagmanager.com;
img-src https://*.google-analytics.com https://*.googletagmanager.com;
script-src 'self' 'unsafe-inline' https://*.googletagmanager.com;
img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com;
connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;
object-src 'none';
"""))
""".replace('\n', '')))
response.headers.add("Strict-Transport-Security", "max-age=31536000")
response.headers.add("X-Frame-Options", "deny")
return response