fix csp for sentry
This commit is contained in:
parent
e8f45c1af6
commit
16f6739189
7
app.py
7
app.py
|
@ -74,7 +74,12 @@ limiter = Limiter(app, key_func=rate_limit_key)
|
||||||
|
|
||||||
@app.after_request
|
@app.after_request
|
||||||
def install_security_headers(resp):
|
def install_security_headers(resp):
|
||||||
csp = "default-src 'none'; img-src 'self' https: http:; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'none'"
|
csp = "default-src 'none'; img-src 'self' https: http:; style-src 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'none'"
|
||||||
|
if 'SENTRY_DSN' in app.config:
|
||||||
|
csp += "; script-src 'self' https://cdn.ravenjs.com/"
|
||||||
|
else:
|
||||||
|
csp += "; script-src 'self'"
|
||||||
|
|
||||||
if 'CSP_REPORT_URI' in app.config:
|
if 'CSP_REPORT_URI' in app.config:
|
||||||
csp += "; report-uri " + app.config.get('CSP_REPORT_URI')
|
csp += "; report-uri " + app.config.get('CSP_REPORT_URI')
|
||||||
resp.headers.set('Content-Security-Policy', csp)
|
resp.headers.set('Content-Security-Policy', csp)
|
||||||
|
|
Loading…
Reference in New Issue