

Add configurable Content-Security-Policy headers
laymonage authored and thibaudcolas committed Nov 15, 2023
1 parent 27d7be2 commit bdc44b9
Showing 4 changed files with 91 additions and 3 deletions.
24 changes: 24 additions & 0 deletions apps/guide/settings/base.py
Expand Up @@ -207,6 +207,30 @@
"usb": [],
}

# Content Security policy settings
# http://django-csp.readthedocs.io/en/latest/configuration.html
if "CSP_DEFAULT_SRC" in env:
MIDDLEWARE.append("csp.middleware.CSPMiddleware")

# The “special” source values of
# 'self', 'unsafe-inline', 'unsafe-eval', and 'none' must be quoted!
# e.g.: CSP_DEFAULT_SRC = "'self'" Without quotes they will not work as intended.

CSP_DEFAULT_SRC = env.get("CSP_DEFAULT_SRC").split(",")
if "CSP_SCRIPT_SRC" in env:
CSP_SCRIPT_SRC = env.get("CSP_SCRIPT_SRC").split(",")
if "CSP_STYLE_SRC" in env:
CSP_STYLE_SRC = env.get("CSP_STYLE_SRC").split(",")
if "CSP_IMG_SRC" in env:
CSP_IMG_SRC = env.get("CSP_IMG_SRC").split(",")
if "CSP_CONNECT_SRC" in env:
CSP_CONNECT_SRC = env.get("CSP_CONNECT_SRC").split(",")
if "CSP_FONT_SRC" in env:
CSP_FONT_SRC = env.get("CSP_FONT_SRC").split(",")
if "CSP_BASE_URI" in env:
CSP_BASE_URI = env.get("CSP_BASE_URI").split(",")
if "CSP_OBJECT_SRC" in env:
CSP_OBJECT_SRC = env.get("CSP_OBJECT_SRC").split(",")

# Internationalization
# https://docs.djangoproject.com/en/4.0/topics/i18n/
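Review bot: The `env.get("CSP_DEFAULT_SRC").split(",")` reader (and the seven that follow it) keeps surrounding whitespace and maps an empty variable to `[""]`, so a value written as `'self', 'unsafe-inline'` (constructed example, note the space after the comma) yields a source entry with a leading space, and an empty `CSP_DEFAULT_SRC=` yields a `default-src` directive with no sources, which browsers treat as `'none'`. A small helper that strips each item, drops blanks and fails at startup when nothing is left would make all eight readers consistent and keep a misconfigured deploy from shipping a policy that blocks every resource type. Indentation is lost in the rendered view, but the per-directive checks appear to be nested under the `CSP_DEFAULT_SRC` guard; the comment should say so, since `CSP_SCRIPT_SRC` and the others are silently ignored when `CSP_DEFAULT_SRC` is unset. For a first rollout, reading django-csp's `CSP_REPORT_ONLY` from the environment the same way lets the policy be observed before it is enforced.
```python
# Content Security policy settings
# http://django-csp.readthedocs.io/en/latest/configuration.html
def _csp_sources(name):
    """Return env var `name` (comma-separated) as a list of CSP sources.

    Whitespace around each item is stripped and blank items are dropped; a
    variable that is set but contains no sources is a configuration error,
    because an empty source list is enforced by browsers as 'none'.
    """
    sources = [src.strip() for src in env[name].split(",") if src.strip()]
    if not sources:
        raise ValueError(f"{name} is set but contains no CSP sources")
    return sources


if "CSP_DEFAULT_SRC" in env:
    MIDDLEWARE.append("csp.middleware.CSPMiddleware")
    # … unchanged: note that 'self', 'unsafe-inline', 'unsafe-eval', 'none' must be quoted …
    # The per-directive settings below are only read when CSP_DEFAULT_SRC is
    # set, because the middleware is not installed otherwise.
    CSP_DEFAULT_SRC = _csp_sources("CSP_DEFAULT_SRC")
    if "CSP_SCRIPT_SRC" in env:
        CSP_SCRIPT_SRC = _csp_sources("CSP_SCRIPT_SRC")
    # … unchanged pattern for CSP_STYLE_SRC, CSP_IMG_SRC, CSP_CONNECT_SRC,
    # CSP_FONT_SRC, CSP_BASE_URI and CSP_OBJECT_SRC, each via _csp_sources …
```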
36 changes: 34 additions & 2 deletions poetry.lock


1 change: 1 addition & 0 deletions pyproject.toml
Expand Up @@ -21,6 +21,7 @@ whitenoise = ">=6.6,<6.7"
psycopg2 = "2.9.9"
wagtail-localize = "1.7rc1"
django-permissions-policy = "^4.13.0"
django-csp = "^3.7"

[tool.poetry.group.dev.dependencies]
ruff = "^0.1.4"
33 changes: 32 additions & 1 deletion setup.cfg
@@ -1,3 +1,34 @@
<<<<<<< HEAD
||||||| parent of 1bfa20d (Add configurable Content-Security-Policy headers)
[flake8]
max-line-length = 88
max-complexity = 8
exclude = */migrations/*

[isort]
skip_glob=
env/*
venv/*
*/migrations/*
profile = black
known_first_party = apps

=======
[flake8]
ignore = C901,W503
max-line-length = 88
max-complexity = 8
exclude = */migrations/*

[isort]
skip_glob=
env/*
venv/*
*/migrations/*
profile = black
known_first_party = apps

>>>>>>> 1bfa20d (Add configurable Content-Security-Policy headers)
[coverage:run]
source = .
omit =
Expand All @@ -9,4 +40,4 @@ omit =
*migrations*

[coverage:report]
show_missing = True
show_missing = True
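Review bot: The new setup.cfg is committed with unresolved merge-conflict markers — `<<<<<<< HEAD`, `|||||||`, `=======` and `>>>>>>> 1bfa20d` in the first hunk — and carries two copies of the `[flake8]`/`[isort]` sections that differ only by the `ignore = C901,W503` line. Because `<<<<<<< HEAD` precedes the first section header, configparser-based readers of this file (coverage, and flake8/isort if they are still used alongside ruff) will most likely reject it outright. Resolve by deleting the four marker lines and one of the two duplicated blocks, keeping `ignore = C901,W503` only if that is the intended configuration; the second hunk's `show_missing = True` change looks like a trailing-newline fix and needs nothing.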

