Add secure headers using flask-talisman
This commit is contained in:
parent
ae66bf0193
commit
3ca04816eb
|
@ -6,6 +6,7 @@ from werkzeug.utils import secure_filename
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
import locale
|
import locale
|
||||||
import logging
|
import logging
|
||||||
|
from flask_talisman import Talisman
|
||||||
|
|
||||||
# Configure logging
|
# Configure logging
|
||||||
logging.basicConfig(
|
logging.basicConfig(
|
||||||
|
@ -35,6 +36,52 @@ app.secret_key = 'supersecretkey'
|
||||||
app.config['UPLOAD_FOLDER'] = 'uploads'
|
app.config['UPLOAD_FOLDER'] = 'uploads'
|
||||||
app.config['VERSION'] = VERSION
|
app.config['VERSION'] = VERSION
|
||||||
|
|
||||||
|
# Configure security headers with Talisman
|
||||||
|
csp = {
|
||||||
|
'default-src': "'none'",
|
||||||
|
'script-src': ["'self'",
|
||||||
|
"'sha256-ryQsJ+aghKKD/CeXgx8jtsnZT3Epp3EjIw8RyHIq544='",
|
||||||
|
"'sha256-anTkUs/oFZJulKUMaMjZlwaALEmPOP8op0psAo5Bhh8='",
|
||||||
|
"'sha256-BASkmAmg7eoYCMd6odA6kQ8yGsFnoxaX48WbQvMkehs='"],
|
||||||
|
'style-src': ["'self'", "'sha256-Mo+7o3oPEKpX7fqRvTtunvQHlIDhJ0SxAMG1PCNniCI='"],
|
||||||
|
'img-src': ["'self'", "data:"],
|
||||||
|
'font-src': ["'self'", "data:"],
|
||||||
|
'connect-src': "'self'",
|
||||||
|
'object-src': "'none'",
|
||||||
|
'frame-ancestors': "'none'",
|
||||||
|
'base-uri': "'none'",
|
||||||
|
'form-action': "'self'"
|
||||||
|
}
|
||||||
|
|
||||||
|
permissions_policy = {
|
||||||
|
'accelerometer': '()',
|
||||||
|
'camera': '()',
|
||||||
|
'geolocation': '()',
|
||||||
|
'gyroscope': '()',
|
||||||
|
'magnetometer': '()',
|
||||||
|
'microphone': '()',
|
||||||
|
'payment': '()',
|
||||||
|
'usb': '()'
|
||||||
|
}
|
||||||
|
|
||||||
|
# Initialize Talisman
|
||||||
|
talisman = Talisman(
|
||||||
|
app,
|
||||||
|
content_security_policy=csp,
|
||||||
|
content_security_policy_nonce_in=['script-src'],
|
||||||
|
feature_policy=permissions_policy,
|
||||||
|
force_https=True,
|
||||||
|
force_https_permanent=True,
|
||||||
|
strict_transport_security=True,
|
||||||
|
strict_transport_security_preload=True,
|
||||||
|
strict_transport_security_max_age=31536000,
|
||||||
|
strict_transport_security_include_subdomains=True,
|
||||||
|
referrer_policy='strict-origin-when-cross-origin',
|
||||||
|
frame_options='DENY',
|
||||||
|
session_cookie_secure=True,
|
||||||
|
session_cookie_http_only=True
|
||||||
|
)
|
||||||
|
|
||||||
# Set locale for currency formatting
|
# Set locale for currency formatting
|
||||||
try:
|
try:
|
||||||
locale.setlocale(locale.LC_ALL, 'en_US.UTF-8')
|
locale.setlocale(locale.LC_ALL, 'en_US.UTF-8')
|
||||||
|
|
|
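Review bot: The permissions_policy dict uses Permissions-Policy syntax (`'()'` for an empty allowlist) but is passed as `feature_policy=permissions_policy`, so Talisman emits a legacy Feature-Policy header whose value grammar expects `'none'`, and the Permissions-Policy header that current browsers actually enforce is never sent; flask-talisman 1.0.0 (the version pinned in the requirements hunk) takes `permissions_policy=permissions_policy,` for this, so the kwarg should be changed and the Feature-Policy entry dropped or given matching `'none'` values. The four sha256 hashes in script-src and style-src bind the policy to the exact bytes of specific inline blocks in the templates, and any edit to those blocks will break the page without a server-side error, so a comment such as `# Hashes below must be regenerated whenever the inline <script>/<style> blocks in the templates change` above the csp dict would save the next maintainer a debugging session. The hunk header context still shows `app.secret_key = 'supersecretkey'`; with `session_cookie_secure=True` now in place the session cookie is only as strong as that key, so loading it from configuration rather than a literal would be the natural companion to this change. The module-level `try:` block that begins at the end of the hunk continues outside it.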
@ -8,3 +8,4 @@ Jinja2==3.1.6
|
||||||
MarkupSafe==2.1.3
|
MarkupSafe==2.1.3
|
||||||
itsdangerous==2.2.0
|
itsdangerous==2.2.0
|
||||||
click==8.1.7
|
click==8.1.7
|
||||||
|
flask-talisman==1.0.0
|