Skip to content

Commit ac20b9f

Browse files
committed
feat: migrate to django-csp 4.0
Refs: NS-193
1 parent e0e2137 commit ac20b9f

2 files changed

Lines changed: 8 additions & 16 deletions

File tree

notification_service/constants.py

Lines changed: 0 additions & 11 deletions
This file was deleted.

notification_service/settings.py

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,11 +4,10 @@
44

55
import environ
66
import sentry_sdk
7+
from csp.constants import SELF
78
from django.utils.translation import gettext_lazy as _
89
from sentry_sdk.integrations.django import DjangoIntegration
910

10-
from notification_service.constants import CSP
11-
1211
checkout_dir = environ.Path(__file__) - 2
1312
assert os.path.exists(checkout_dir("manage.py"))
1413

@@ -165,11 +164,15 @@
165164
CORS_ALLOW_ALL_ORIGINS = env.bool("CORS_ALLOW_ALL_ORIGINS")
166165
CORS_ALLOW_CREDENTIALS = True
167166

168-
# Configure the default CSP rule for different source types
169-
CSP_DEFAULT_SRC = [CSP.SELF]
167+
# Configure default CSP rules for different source types
170168
# NOTE: CSP_STYLE_SRC="'unsafe-inline'" is needed for the inline styles that are added
171169
# by the `django-helusers` to the base_admin_site.html
172-
CSP_STYLE_SRC = [CSP.SELF, CSP.UNSAFE_INLINE]
170+
CONTENT_SECURITY_POLICY = {
171+
"DIRECTIVES": {
172+
"default-src": [SELF],
173+
"style-src": [SELF, "'unsafe-inline'"],
174+
}
175+
}
173176

174177
AUTHENTICATION_BACKENDS = [
175178
"helusers.tunnistamo_oidc.TunnistamoOIDCAuth",

0 commit comments

Comments
 (0)