Merge branch 'main' into web-chores
mlissner authored Jul 19, 2023
2 parents 64e5b47 + 140030d commit 5b07e83
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion cl/settings/project/security.py
@@ -109,6 +109,11 @@
"data:", # @tailwindcss/forms uses data URIs for images.
"https://*.stripe.com",
)
CSP_MEDIA_SRC = (
"'self'",
f"https://{AWS_S3_CUSTOM_DOMAIN}/",
"data:", # Some browser extensions like this.
)
CSP_OBJECT_SRC = (
"'self'",
f"https://{AWS_S3_CUSTOM_DOMAIN}/", # for embedded PDFs
@@ -134,7 +139,7 @@
"'self'",
f"https://{AWS_S3_CUSTOM_DOMAIN}/",
)
CSP_BASE_URI = "'none'"
CSP_BASE_URI = "'self'"
CSP_INCLUDE_NONCE_IN = ["script-src"]
if not any(
(DEVELOPMENT, TESTING)
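Review bot: The `CSP_BASE_URI` setting in the second hunk has no comment explaining why it is `'self'`; going by the order in which the two `CSP_BASE_URI` lines are printed, the policy is relaxed from `'none'`, and the hunk does not say which page needs a `<base>` element. `'self'` still stops an injected `<base href>` from redirecting relative URLs to another origin, but `'none'` is the tighter value when no template uses the tag. I would either keep `'none'` or record the reason next to the setting, e.g. `CSP_BASE_URI = "'self'"  # <reason a same-origin <base> tag is needed>`. The same gap applies to the `"data:"` entry of `CSP_MEDIA_SRC` in the first hunk, where `# Some browser extensions like this.` names neither the extension nor the violation report that prompted the allowance. The `if not any(` statement at the end of the hunk continues outside it.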