[django] striktnejsi CSP #82
rodlukas committed Apr 13, 2020
1 parent 1d0fd75 commit ddda2e6
Showing 1 changed file with 5 additions and 1 deletion.
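--- a/up/settings/base.py
+++ b/up/settings/base.py
@@ -185,9 +185,10 @@
 CSPURL_SENTRY = "https://sentry.io"
 
 CSP_SELF = "'self'"
+CSP_NONE = "'none'"
 
 # CSP konfigurace
-CSP_DEFAULT_SRC = ("'none'",)
+CSP_DEFAULT_SRC = (CSP_NONE,)
 CSP_STYLE_SRC = (
 CSP_SELF,
 "'unsafe-inline'",
@@ -197,3 +198,6 @@
 CSP_SCRIPT_SRC = (CSP_SELF, CSPURL_SENTRY, CSPURL_GOOGLE_ANALYTICS, CSPURL_GOOGLE_ANALYTICS_SSL)
 CSP_FONT_SRC = (CSP_SELF, CSPURL_GOOGLE_FONTS_FONT)
 CSP_IMG_SRC = (CSP_SELF, CSPURL_GOOGLE_ANALYTICS, "data:")
+CSP_FRAME_ANCESTORS = (CSP_NONE,)
+CSP_FORM_ACTION = (CSP_NONE,)
+CSP_BASE_URI = (CSP_NONE,)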
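Review bot: `CSP_FORM_ACTION = (CSP_NONE,)` in the second hunk blocks every HTML form submission, same-origin ones included, so any server-rendered form served under this policy would stop posting; the Django admin login is the likely candidate if it is enabled and not exempted, which is not visible from this diff. If such pages exist, `CSP_FORM_ACTION = (CSP_SELF,)` still blocks cross-origin form targets without breaking them. The three new directives also deserve a one-line comment such as `# frame-ancestors, form-action and base-uri do not fall back to default-src, so they are set explicitly`, since that is why they are needed even though `CSP_DEFAULT_SRC` is already `'none'`.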
