colin
/
ploughshares
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CSP configuration to allow Bootstrap and external resources
ci/woodpecker/push/woodpecker Pipeline was successful Details

This commit is contained in:
colin 2025-07-03 14:13:28 -04:00
parent d771718799
commit 6a2dd63ad3
1 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
docker/ploughshares/app.py
View File

@ -43,18 +43,23 @@ APP_ENV = os.environ.get('APP_ENV', 'development')
# Configure security headers with Talisman # Configure security headers with Talisman
# Base CSP settings # Base CSP settings
csp = { csp = {
'default-src': "'none'", 'default-src': ["'self'"],
'script-src': ["'self'", 'script-src': [
"'sha256-ryQsJ+aghKKD/CeXgx8jtsnZT3Epp3EjIw8RyHIq544='", "'self'",
"'sha256-anTkUs/oFZJulKUMaMjZlwaALEmPOP8op0psAo5Bhh8='", "'unsafe-inline'",
"'sha256-BASkmAmg7eoYCMd6odA6kQ8yGsFnoxaX48WbQvMkehs='"], "https://cdn.jsdelivr.net/",
'style-src': ["'self'", "'sha256-Mo+7o3oPEKpX7fqRvTtunvQHlIDhJ0SxAMG1PCNniCI='"], ],
'img-src': ["'self'", "data:"], 'style-src': [
'font-src': ["'self'", "data:"], "'self'",
"'unsafe-inline'",
"https://cdn.jsdelivr.net/",
],
'img-src': ["'self'", "data:", "https:"],
'font-src': ["'self'", "data:", "https://cdn.jsdelivr.net/"],
'connect-src': "'self'", 'connect-src': "'self'",
'object-src': "'none'", 'object-src': "'none'",
'frame-ancestors': "'none'", 'frame-ancestors': "'none'",
'base-uri': "'none'", 'base-uri': "'self'",
'form-action': "'self'" 'form-action': "'self'"
} }