you know what, screw sentry. bye
This commit is contained in:
parent
af407ff1f2
commit
175e313e03
7
app.py
7
app.py
|
@ -74,12 +74,7 @@ limiter = Limiter(app, key_func=rate_limit_key)
|
|||
|
||||
@app.after_request
|
||||
def install_security_headers(resp):
|
||||
csp = "default-src 'none'; img-src 'self' https: http:; style-src 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'none'"
|
||||
if 'SENTRY_DSN' in app.config:
|
||||
csp += "; script-src 'self' https://cdn.ravenjs.com/"
|
||||
else:
|
||||
csp += "; script-src 'self'"
|
||||
|
||||
csp = "default-src 'none'; img-src 'self' https: http:; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'none'"
|
||||
if 'CSP_REPORT_URI' in app.config:
|
||||
csp += "; report-uri " + app.config.get('CSP_REPORT_URI')
|
||||
resp.headers.set('Content-Security-Policy', csp)
|
||||
|
|
|
@ -12,11 +12,6 @@
|
|||
<meta name='og:type' content='website' />
|
||||
<meta name='twitter:card' content='summary' />
|
||||
<meta name='twitter:site:id' content='808418'/>
|
||||
|
||||
{% if sentry_dsn -%}
|
||||
<script defer src="https://cdn.ravenjs.com/3.17.0/raven.min.js" crossorigin="anonymous"
|
||||
onload="Raven.config('{{sentry_dsn}}').install()"></script>
|
||||
{% endif -%}
|
||||
{% block scripts %}{% endblock %}
|
||||
</head>
|
||||
{%- from 'lib/picture.html' import picture %}
|
||||
|
|
Loading…
Reference in New Issue