Add configurable Content-Security-Policy headers
laymonage committed Oct 28, 2022
1 parent e77a2cd commit 1bfa20d
Showing 4 changed files with 47 additions and 2 deletions.
24 changes: 24 additions & 0 deletions apps/guide/settings/base.py
Expand Up @@ -206,6 +206,30 @@
"usb": [],
}

# Content Security policy settings
# http://django-csp.readthedocs.io/en/latest/configuration.html
if "CSP_DEFAULT_SRC" in env:
MIDDLEWARE.append("csp.middleware.CSPMiddleware")

# The “special” source values of
# 'self', 'unsafe-inline', 'unsafe-eval', and 'none' must be quoted!
# e.g.: CSP_DEFAULT_SRC = "'self'" Without quotes they will not work as intended.

CSP_DEFAULT_SRC = env.get("CSP_DEFAULT_SRC").split(",")
if "CSP_SCRIPT_SRC" in env:
CSP_SCRIPT_SRC = env.get("CSP_SCRIPT_SRC").split(",")
if "CSP_STYLE_SRC" in env:
CSP_STYLE_SRC = env.get("CSP_STYLE_SRC").split(",")
if "CSP_IMG_SRC" in env:
CSP_IMG_SRC = env.get("CSP_IMG_SRC").split(",")
if "CSP_CONNECT_SRC" in env:
CSP_CONNECT_SRC = env.get("CSP_CONNECT_SRC").split(",")
if "CSP_FONT_SRC" in env:
CSP_FONT_SRC = env.get("CSP_FONT_SRC").split(",")
if "CSP_BASE_URI" in env:
CSP_BASE_URI = env.get("CSP_BASE_URI").split(",")
if "CSP_OBJECT_SRC" in env:
CSP_OBJECT_SRC = env.get("CSP_OBJECT_SRC").split(",")

# Internationalization
# https://docs.djangoproject.com/en/4.0/topics/i18n/
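Review bot: The `.split(",")` calls at `CSP_DEFAULT_SRC = env.get("CSP_DEFAULT_SRC").split(",")` and the seven blocks below it keep surrounding whitespace and empty trailing entries, so the emitted header depends on exactly how the operator typed the variable (a constructed `'self', https://cdn.example.test` yields a source with a leading space, and a trailing comma yields an empty source). Since the same three-line shape is repeated eight times, a small helper that strips and drops blanks keeps the parsing in one place; a sketch follows, with the nesting of the later `if` blocks kept as the rendered page shows it. The docs link in the comment could also be `https://django-csp.readthedocs.io/en/latest/configuration.html`, and the same comment should mention django-csp's `CSP_REPORT_ONLY` setting, which lets a policy be trialled before enforcement, since a mistyped env value here can block the site's own scripts and styles on the next deploy.
```python
# Content Security policy settings
# https://django-csp.readthedocs.io/en/latest/configuration.html

def _csp_sources(name):
    """Return the comma-separated CSP source list held in env var *name*.

    Surrounding whitespace is stripped and empty entries are dropped, so a
    value such as "'self', https://cdn.example.test" (constructed example)
    parses to two clean sources.
    """
    return [part.strip() for part in env[name].split(",") if part.strip()]

if "CSP_DEFAULT_SRC" in env:
    MIDDLEWARE.append("csp.middleware.CSPMiddleware")

    # … unchanged: note that 'self', 'unsafe-inline', 'unsafe-eval', 'none' must be quoted …

    CSP_DEFAULT_SRC = _csp_sources("CSP_DEFAULT_SRC")
if "CSP_SCRIPT_SRC" in env:
    CSP_SCRIPT_SRC = _csp_sources("CSP_SCRIPT_SRC")
# … unchanged: remaining CSP_STYLE_SRC … CSP_OBJECT_SRC blocks, each using _csp_sources …
```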
21 changes: 20 additions & 1 deletion poetry.lock


1 change: 1 addition & 0 deletions pyproject.toml
Expand Up @@ -21,6 +21,7 @@ whitenoise = "6.2.0"
psycopg2 = "2.9.3"
wagtail-localize = "^1.3.1"
django-permissions-policy = "^4.13.0"
django-csp = "^3.7"

[tool.poetry.group.dev.dependencies]
black = "^22.10.0"
3 changes: 2 additions & 1 deletion setup.cfg
@@ -1,4 +1,5 @@
[flake8]
ignore = C901,W503
max-line-length = 88
max-complexity = 8
exclude = */migrations/*
Expand All @@ -22,4 +23,4 @@ omit =
*migrations*

[coverage:report]
show_missing = True
show_missing = True
