zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-06 01:35:22 +02:00
Code Issues Projects Releases Packages Wiki Activity

Convert CSP default src to tuple

Browse source
This commit is contained in:
Erin Song 2024-08-15 11:25:22 -07:00
parent 5cd5cd645a
commit 34c9cd2761
No known key found for this signature in database
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/registrar/config/settings.py
View file

@ -357,9 +357,9 @@ CSP_FORM_ACTION = allowed_sources
# strict CSP by allowing scripts to run from their domain
# and inline with a nonce, as well as allowing connections back to their domain.
# Note: If needed, we can embed chart.js instead of using the CDN
CSP_DEFAULT_SRC = [
CSP_DEFAULT_SRC = (
"'self'",
]
)
CSP_STYLE_SRC = ["'self'", "https://www.ssa.gov", "'unsafe-inline'"]
CSP_SCRIPT_SRC_ELEM = [
"'self'",