Merge branch 'test-css-tweak' into v2

2025-06-05 21:59:23 +02:00 · 2022-11-11 15:07:40 +01:00
parent 48d5914851 5c98b8dbfb
commit 4c995957a6
3 changed files with 23 additions and 4 deletions
--- a/app/config.py
+++ b/app/config.py
@@ -109,6 +109,8 @@ class Config(pydantic.BaseModel):

    inbox_retention_days: int = 15

+    custom_content_security_policy: str | None = None
+
    # Config items to make tests easier
    sqlalchemy_database: str | None = None
    key_path: str | None = None
@@ -165,6 +167,7 @@ if CONFIG.privacy_replace:

 BLOCKED_SERVERS = {blocked_server.hostname for blocked_server in CONFIG.blocked_servers}
 ALSO_KNOWN_AS = CONFIG.also_known_as
+CUSTOM_CONTENT_SECURITY_POLICY = CONFIG.custom_content_security_policy

 INBOX_RETENTION_DAYS = CONFIG.inbox_retention_days
 CUSTOM_FOOTER = (
--- a/app/main.py
+++ b/app/main.py
@@ -137,9 +137,15 @@ class CustomMiddleware:
                headers["x-frame-options"] = "DENY"
                headers["permissions-policy"] = "interest-cohort=()"
                headers["content-security-policy"] = (
-                    f"default-src 'self'; "
-                    f"style-src 'self' 'sha256-{HIGHLIGHT_CSS_HASH}'; "
-                    f"frame-ancestors 'none'; base-uri 'self'; form-action 'self';"
+                    (
+                        f"default-src 'self'; "
+                        f"style-src 'self' 'sha256-{HIGHLIGHT_CSS_HASH}'; "
+                        f"frame-ancestors 'none'; base-uri 'self'; form-action 'self';"
+                    )
+                    if not config.CUSTOM_CONTENT_SECURITY_POLICY
+                    else config.CUSTOM_CONTENT_SECURITY_POLICY.format(
+                        HIGHLIGHT_CSS_HASH=HIGHLIGHT_CSS_HASH
+                    )
                )
                if not DEBUG:
                    headers["strict-transport-security"] = "max-age=63072000;"