From 7c29b913cdc19cde4f66459bee2d48d1d45a9f05 Mon Sep 17 00:00:00 2001
From: Yann Sionneau
Date: Sat, 21 Dec 2019 23:05:46 +0100
Subject: [PATCH] Security: enable Content-Security-Policy header
---
 pytition/petition/static/css/petition.css | 3 ++-
 pytition/petition/templates/layouts/base.html | 6 +++---
 .../petition/templates/layouts/edit_layout.html | 12 +++++++-----
 .../petition/templates/layouts/wizard_layout.html | 6 ++++--
 .../templates/petition/account_settings.html | 2 +-
 .../petition/templates/petition/edit_petition.html | 14 ++++++++------
 .../templates/petition/new_petition_step1.html | 4 ++--
 .../templates/petition/new_petition_step2.html | 9 ++++++---
 .../templates/petition/new_petition_step3.html | 8 +++++---
 pytition/petition/templates/petition/org_base.html | 2 +-
 .../templates/petition/petition_change_form.html | 4 ++--
 .../templates/petition/petition_detail.html | 10 +++++-----
 .../templates/petition/signature_change_form.html | 4 ++--
 .../templates/petition/signature_data.html | 4 ++--
 .../petition/templates/petition/user_base.html | 2 +-
 pytition/petition/views.py | 10 ++++++++--
 pytition/pytition/settings/base.py | 12 +++++++++++-
 requirements.txt | 2 ++
 18 files changed, 72 insertions(+), 42 deletions(-)
diff --git a/pytition/petition/static/css/petition.css b/pytition/petition/static/css/petition.css
index 303323d2..fbea5e20 100644
--- a/pytition/petition/static/css/petition.css
+++ b/pytition/petition/static/css/petition.css
@@ -173,7 +173,8 @@ nav.navbar {
 .reassurance {
 padding-bottom: 30px;
 padding-top: 20px;
- font-size: 11px
+ font-size: 11px;
+ text-align: justify
 }
 input[type=email],
diff --git a/pytition/petition/templates/layouts/base.html b/pytition/petition/templates/layouts/base.html
index e6a3cd24..249096da 100644
--- a/pytition/petition/templates/layouts/base.html
+++ b/pytition/petition/templates/layouts/base.html
@@ -55,9 +55,9 @@ - - - + + + {% block extrajs %} {% endblock %}
diff --git a/pytition/petition/templates/layouts/edit_layout.html b/pytition/petition/templates/layouts/edit_layout.html
index 835f1bb4..47a981b0 100644
--- a/pytition/petition/templates/layouts/edit_layout.html
+++ b/pytition/petition/templates/layouts/edit_layout.html
@@ -2,13 +2,15 @@
 {% load i18n %}
 {% load static %}
 {% load petition_extras %}
+{% load media_csp %}
+
 {% block media %}
 {{ block.super }}
- {{ content_form.media }}
- {{ email_form.media }}
- {{ newsletter_form.media }}
- {{ social_network_form.media }}
- {{ style_form.media }}
+ {% media_csp content_form %}
+ {% media_csp email_form %}
+ {% media_csp newsletter_form %}
+ {% media_csp social_network_form %}
+ {% media_csp style_form %}
 {% endblock %}
 {% block content %}
diff --git a/pytition/petition/templates/layouts/wizard_layout.html b/pytition/petition/templates/layouts/wizard_layout.html
index 64368a9f..20b35ede 100644
--- a/pytition/petition/templates/layouts/wizard_layout.html
+++ b/pytition/petition/templates/layouts/wizard_layout.html
@@ -3,12 +3,14 @@
 {% load widget_tweaks %}
 {% load petition_extras %}
 {% load static %}
+{% load media_csp %}
+
 {% block media %}
- {{ form.media }}
+ {% media_csp form %}
 {% endblock %}
 {% block extracss %}
 {{ block.super }}
-
+
 {% endblock %}
 {% block content %}
diff --git a/pytition/petition/templates/petition/account_settings.html b/pytition/petition/templates/petition/account_settings.html
index 3bb0879f..e004f564 100644
--- a/pytition/petition/templates/petition/account_settings.html
+++ b/pytition/petition/templates/petition/account_settings.html
@@ -132,7 +132,7 @@
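Review bot: `{% load media_csp %}` in `layouts/edit_layout.html` (and the same added line in `layouts/wizard_layout.html`) depends on a tag library that the diffstat does not show being added to this repository, so it presumably ships in one of the two packages appended to `requirements.txt`. If that is the case, the package also has to be listed in `INSTALLED_APPS`, otherwise every page extending these layouts raises `TemplateSyntaxError` at render time; the `settings/base.py` hunk is not visible here, so this should be confirmed against it. Because `{% media_csp … %}` is now the only route by which the form widgets' scripts and stylesheets reach the page, a one-line template comment above the block would help the next maintainer, e.g. `{# media_csp emits form media in a form the Content-Security-Policy accepts; do not revert to form.media #}`. A view test that renders the edit and wizard pages with the policy enabled would catch a regression if someone reintroduces plain `form.media`.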

diff --git a/pytition/petition/templates/petition/petition_detail.html b/pytition/petition/templates/petition/petition_detail.html
index 8614b3b5..ed548a68 100644
--- a/pytition/petition/templates/petition/petition_detail.html
+++ b/pytition/petition/templates/petition/petition_detail.html
@@ -50,8 +50,8 @@
 {% endblock %}
 {% block extracss %}
-
-