Bring the CSP up to standard. (#699)

This commit is contained in:
Ben Rog-Wilhelm 2023-09-11 02:56:39 -05:00 committed by GitHub
parent e7926952b3
commit b345a62dbb
GPG key ID: 4AEE18F83AFDEB23


@ -51,12 +51,12 @@ def teardown_request(error):
@app.after_request @app.after_request
def after_request(response: Response): def after_request(response: Response):
response.headers.add("Content-Security-Policy", ( response.headers.add("Content-Security-Policy", ("""
" script-src: 'self' https://*.googletagmanager.com" script-src 'self' https://*.googletagmanager.com;
" img-src: https://*.google-analytics.com https://*.googletagmanager.com" img-src https://*.google-analytics.com https://*.googletagmanager.com;
" connect-src: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com" connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;
" object-src: 'none'" object-src 'none';
)) """))
response.headers.add("Strict-Transport-Security", "max-age=31536000") response.headers.add("Strict-Transport-Security", "max-age=31536000")
response.headers.add("X-Frame-Options", "deny") response.headers.add("X-Frame-Options", "deny")
return response return response
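Review bot: The new header value is a triple-quoted literal that begins with a newline right after `("""` and carries a newline plus indentation in front of every directive; Werkzeug's `Headers.add` validates values and raises `ValueError` on any `\n` or `\r`, so if this is the usual Flask/Werkzeug `Response` the call looks likely to fail on every response (worth confirming against the Werkzeug version in use). Even where a framework lets it through, a multi-line header value is obsolete line folding that clients and proxies do not reliably parse. The policy itself also has no `default-src`, so every fetch directive it does not name (style-src, font-src, frame-src, worker-src, media-src, …) is left unrestricted, and `img-src` omits `'self'`, which blocks the site's own images if it serves any. Joining the directives with `"; "` fixes the header value, `default-src 'self'` closes the fallback gap, `'self'` in `img-src` restores first-party images, and `frame-ancestors 'none'` carries the X-Frame-Options intent into CSP for browsers that prefer it.
```python
def after_request(response: Response):
    # One directive per element; joined on a single line because header
    # values must not contain CR/LF.
    csp = "; ".join((
        "default-src 'self'",
        "script-src 'self' https://*.googletagmanager.com",
        "img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com",
        "connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com",
        "object-src 'none'",
        "frame-ancestors 'none'",
    ))
    response.headers.add("Content-Security-Policy", csp)
    # … unchanged: Strict-Transport-Security, X-Frame-Options, return response …
```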