skorotkiewicz/rDrama
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Bring the CSP up to standard. (#699)

Browse source
This commit is contained in:
Ben Rog-Wilhelm 2023-09-11 02:56:39 -05:00 committed by GitHub
parent e7926952b3
commit b345a62dbb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
files/routes/allroutes.py
View file

@ -51,12 +51,12 @@ def teardown_request(error):
@app.after_request
def after_request(response: Response):
response.headers.add("Content-Security-Policy", (
" script-src: 'self' https://*.googletagmanager.com"
" img-src: https://*.google-analytics.com https://*.googletagmanager.com"
" connect-src: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com"
" object-src: 'none'"
))
response.headers.add("Content-Security-Policy", ("""
script-src 'self' https://*.googletagmanager.com;
img-src https://*.google-analytics.com https://*.googletagmanager.com;
connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;
object-src 'none';
"""))
response.headers.add("Strict-Transport-Security", "max-age=31536000")
response.headers.add("X-Frame-Options", "deny")
return response