Merge pull request #302 from cweider/csp-report-uri
feat(security): add CSP violation reporting
mlissner authored Jul 5, 2023
2 parents d21b923 + 30898f4 commit dec8889
Showing 3 changed files with 6 additions and 0 deletions.
1 change: 1 addition & 0 deletions .env.example
Expand Up @@ -41,6 +41,7 @@ RQ_RETRY_INTERVAL=20
# sentry.py
SENTRY_DSN=""
SENTRY_SAMPLE_TRACE=1.0
SENTRY_REPORT_URI=""

# twitter.py
TWITTER_CONSUMER_KEY=""
4 changes: 4 additions & 0 deletions bc/settings/project/security.py
Expand Up @@ -4,6 +4,7 @@

from ..django import DEVELOPMENT, INSTALLED_APPS
from ..third_party.aws import AWS_S3_CUSTOM_DOMAIN
from ..third_party.sentry import SENTRY_REPORT_URI

env = environ.FileAwareEnv()

Expand All @@ -30,6 +31,9 @@
AWS_S3_CUSTOM_DOMAIN,
"https://newassets.hcaptcha.com/",
)
if SENTRY_REPORT_URI:
CSP_REPORT_URI = SENTRY_REPORT_URI


RATELIMIT_VIEW = "bc.web.views.ratelimited"

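Review bot: The new `if SENTRY_REPORT_URI:` guard sets `CSP_REPORT_URI` without any comment on what gets sent where, which matters for privacy: once it is set, visitors' browsers POST violation reports straight to the Sentry endpoint, and those reports carry the page URL, the referrer and the blocked URL. If any site URLs carry tokens or other sensitive values in the path or query string, they would land in a third-party service, so that is worth confirming before this is enabled in production. I would add a comment above the guard such as `# Browsers POST CSP violation reports (document, referrer and blocked URLs) to this endpoint; leave SENTRY_REPORT_URI empty to disable.` The endpoint accepts unauthenticated submissions by design, so report volume is presumably best bounded with Sentry-side rate limits or filters. The settings tuple that closes just above the guard starts outside the hunk, so whether the policy is enforcing or report-only cannot be seen from here.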
1 change: 1 addition & 0 deletions bc/settings/third_party/sentry.py
Expand Up @@ -7,6 +7,7 @@
env = environ.FileAwareEnv()
SENTRY_DSN = env("SENTRY_DSN", default="")
SENTRY_SAMPLE_TRACE = env("SENTRY_SAMPLE_TRACE", default=1.0)
SENTRY_REPORT_URI = env("SENTRY_REPORT_URI", default="")


if SENTRY_DSN:
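Review bot: `SENTRY_REPORT_URI` is read as a raw string and, in security.py, copied into the CSP setting whenever it is non-empty, so a typo, a whitespace-only value or an `http://` URL is accepted silently. With a plain-HTTP endpoint the reports, which include page URLs, would travel unencrypted, and with a malformed one violations would be lost without any error. A load-time check would catch this, for example `if SENTRY_REPORT_URI and not SENTRY_REPORT_URI.startswith("https://"): raise ImproperlyConfigured("SENTRY_REPORT_URI must be an https:// URL")`, using `django.core.exceptions.ImproperlyConfigured` (this file's imports are outside the hunk). A short comment saying this is Sentry's security-report endpoint and not the DSN would also help, since the two are easy to confuse.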
