Extract styles to file and harden CSP
RealOrangeOne committed May 14, 2024
1 parent 2bde60e commit b526f15
Showing 3 changed files with 16 additions and 15 deletions.
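--- a/calmerge/static/listing.css
+++ b/calmerge/static/listing.css
@@ -0,0 +1,9 @@
+table {
+min-width: 50vw;
+max-width: 100vw;
+}
+
+td {
+text-align: center;
+padding: 0.75rem;
+}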
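--- a/calmerge/templates/listing.html
+++ b/calmerge/templates/listing.html
@@ -3,17 +3,7 @@
 <head>
 <title>Calmerge</title>
 <meta name="robots" content="noindex" />
-<style>
-table {
-min-width: 50vw;
-max-width: 100vw;
-}
-
-td {
-text-align: center;
-padding: 0.75rem;
-}
-</style>
+<link rel="stylesheet" href="/static/listing.css" />
 </head>
 <body>
 <h1>Calmerge</h1>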
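--- a/calmerge/views.py
+++ b/calmerge/views.py
@@ -52,9 +52,7 @@ async def calendar_listing(request: web.Request) -> web.Response:
 raise web.HTTPUnauthorized(headers={hdrs.WWW_AUTHENTICATE: "Basic"})
 
 response = aiohttp_jinja2.render_template("listing.html", request, {})
-response.headers["Content-Security-Policy"] = (
-"default-src 'self'; style-src 'unsafe-inline'"
-)
+response.headers["Content-Security-Policy"] = "default-src 'self'"
 return response
 
 
@@ -66,6 +64,10 @@ async def calendar_html(request: web.Request) -> web.Response:
 if calendar_config is None:
 raise web.HTTPNotFound()
 
-return aiohttp_jinja2.render_template(
+response = aiohttp_jinja2.render_template(
 "calendar.html", request, {"calendar": calendar_config}
 )
+response.headers["Content-Security-Policy"] = (
+"default-src 'self' https://cdn.jsdelivr.net 'unsafe-inline'; script-src 'self' https://cdn.jsdelivr.net; font-src data:"
+)
+return response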
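Review bot: The policy added in calendar_html puts `'unsafe-inline'` and the CDN host into `default-src`, so both become the fallback for every fetch directive the string does not name (styles, images, connections, `object-src`), which is wider than a hardening commit needs. If the template only needs inline styles plus CDN assets (calendar.html is not shown here, so this is an assumption), scope them explicitly, e.g. `"default-src 'self'; script-src 'self' https://cdn.jsdelivr.net; style-src 'self' https://cdn.jsdelivr.net 'unsafe-inline'; font-src data:; object-src 'none'; base-uri 'none'"`. Allowing all of cdn.jsdelivr.net in `script-src` trusts every file that host serves rather than the one library the page loads; self-hosting the script under /static would let the CDN drop out of `script-src`, and `integrity` attributes on the CDN tags would at least pin the content that is loaded. `base-uri`, `form-action` and `frame-ancestors` do not inherit from `default-src`, so they are also unset by the `"default-src 'self'"` policy in the calendar_listing hunk. The body of calendar_html begins above this hunk.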
