colin
/
ploughshares
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add missing security headers: Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Resource-Policy, and Cross-Origin-Opener-Policy
ci/woodpecker/push/woodpecker Pipeline was successful Details

This commit is contained in:
colin 2025-07-03 14:26:35 -04:00
parent f25ca7ffe0
commit 0e76175163
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docker/ploughshares/app.py
View File

@ -72,6 +72,7 @@ if APP_DOMAIN:
else: else:
csp['form-action'] = [csp['form-action'], APP_DOMAIN] csp['form-action'] = [csp['form-action'], APP_DOMAIN]
# Configure Permissions-Policy (formerly Feature-Policy)
permissions_policy = { permissions_policy = {
'accelerometer': '()', 'accelerometer': '()',
'camera': '()', 'camera': '()',
@ -87,6 +88,13 @@ permissions_policy = {
force_https = APP_ENV != 'development' force_https = APP_ENV != 'development'
logger.info(f"Environment: {APP_ENV}, Force HTTPS: {force_https}") logger.info(f"Environment: {APP_ENV}, Force HTTPS: {force_https}")
# Additional security headers
additional_headers = {
'Cross-Origin-Embedder-Policy': 'require-corp',
'Cross-Origin-Resource-Policy': 'same-origin',
'Cross-Origin-Opener-Policy': 'same-origin'
}
# Initialize Talisman # Initialize Talisman
talisman = Talisman( talisman = Talisman(
app, app,
@ -105,6 +113,13 @@ talisman = Talisman(
session_cookie_http_only=True session_cookie_http_only=True
) )
# Add additional security headers that Talisman doesn't support natively
@app.after_request
def add_security_headers(response):
for header, value in additional_headers.items():
response.headers[header] = value
return response
# Set locale for currency formatting # Set locale for currency formatting
try: try:
locale.setlocale(locale.LC_ALL, 'en_US.UTF-8') locale.setlocale(locale.LC_ALL, 'en_US.UTF-8')