skorotkiewicz/rDrama
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix: Add CSP for hcaptcha.

Browse source
This commit is contained in:
Ben Rog-Wilhelm 2023-10-12 12:16:28 -05:00
parent 6078b2e697
commit c5d380afb1
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
files/routes/allroutes.py
View file

@ -52,10 +52,12 @@ def teardown_request(error):
@app.after_request
def after_request(response: Response):
response.headers.add("Content-Security-Policy", ("""
script-src 'self' 'unsafe-inline' https://*.googletagmanager.com;
script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com;
img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com;
connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;
connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://hcaptcha.com, https://*.hcaptcha.com;
object-src 'none';
frame-src https://hcaptcha.com https://*.hcaptcha.com;
style-src https://hcaptcha.com https://*.hcaptcha.com;
""".replace('\n', '').replace('\t', ' ')))
response.headers.add("Strict-Transport-Security", "max-age=31536000")
response.headers.add("X-Frame-Options", "deny")