From 16f67391893866a41f501d77858172a4d48c24b1 Mon Sep 17 00:00:00 2001
From: codl
Date: Mon, 28 Aug 2017 01:50:16 +0200
Subject: [PATCH] fix csp for sentry

---
 app.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/app.py b/app.py
index ce7c0a4..567ee4c 100644
--- a/app.py
+++ b/app.py
@@ -74,7 +74,12 @@ limiter = Limiter(app, key_func=rate_limit_key)
 @app.after_request
 def install_security_headers(resp):
-    csp = "default-src 'none'; img-src 'self' https: http:; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'none'"
+    csp = "default-src 'none'; img-src 'self' https: http:; style-src 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'none'"
+    if 'SENTRY_DSN' in app.config:
+        csp += "; script-src 'self' https://cdn.ravenjs.com/"
+    else:
+        csp += "; script-src 'self'"
+
     if 'CSP_REPORT_URI' in app.config:
         csp += "; report-uri " + app.config.get('CSP_REPORT_URI')
     resp.headers.set('Content-Security-Policy', csp)