File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Load diff This file was deleted.
Original file line number Diff line number Diff line change 44
55import environ
66import sentry_sdk
7+ from csp .constants import SELF
78from django .utils .translation import gettext_lazy as _
89from sentry_sdk .integrations .django import DjangoIntegration
910
10- from notification_service .constants import CSP
11-
1211checkout_dir = environ .Path (__file__ ) - 2
1312assert os .path .exists (checkout_dir ("manage.py" ))
1413
165164CORS_ALLOW_ALL_ORIGINS = env .bool ("CORS_ALLOW_ALL_ORIGINS" )
166165CORS_ALLOW_CREDENTIALS = True
167166
168- # Configure the default CSP rule for different source types
169- CSP_DEFAULT_SRC = [CSP .SELF ]
167+ # Configure default CSP rules for different source types
170168# NOTE: CSP_STYLE_SRC="'unsafe-inline'" is needed for the inline styles that are added
171169# by the `django-helusers` to the base_admin_site.html
172- CSP_STYLE_SRC = [CSP .SELF , CSP .UNSAFE_INLINE ]
170+ CONTENT_SECURITY_POLICY = {
171+ "DIRECTIVES" : {
172+ "default-src" : [SELF ],
173+ "style-src" : [SELF , "'unsafe-inline'" ],
174+ }
175+ }
173176
174177AUTHENTICATION_BACKENDS = [
175178 "helusers.tunnistamo_oidc.TunnistamoOIDCAuth" ,
You can’t perform that action at this time.
0 commit comments