zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-16 22:44:11 +02:00
Code Issues Projects Releases Packages Wiki Activity

Further minimized CSP statements

Browse source
This commit is contained in:
CocoByte 2023-11-21 12:25:59 -07:00
parent 464791a326
commit 6e32651dad
No known key found for this signature in database
GPG key ID: BBFAA2526384C97F
1 changed files with 2 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/registrar/config/settings.py
View file

@ -304,9 +304,8 @@ CSP_DEFAULT_SRC = allowed_sources
# explicitly set # explicitly set
CSP_FRAME_ANCESTORS = allowed_sources CSP_FRAME_ANCESTORS = allowed_sources
CSP_FORM_ACTION = allowed_sources CSP_FORM_ACTION = allowed_sources
CSP_SCRIPT_SRC_ELEM = allowed_sources_scripts CSP_SCRIPT_SRC_ELEM = ["'self'", "https://www.googletagmanager.com/"]
CSP_CONNECT_SRC = ["'self'", "https://www.google-analytics.com/"]
CSP_CONNECT_SRC = allowed_sources_scripts
CSP_INCLUDE_NONCE_IN = ["script-src-elem"] CSP_INCLUDE_NONCE_IN = ["script-src-elem"]
# Cross-Origin Resource Sharing (CORS) configuration # Cross-Origin Resource Sharing (CORS) configuration