CocoByte 2023-11-20 18:08:28 -07:00
parent d10e68665b
commit c6864b4e50
No known key found for this signature in database
GPG key ID: BBFAA2526384C97F


@ -297,14 +297,8 @@ SERVER_EMAIL = "root@get.gov"
# Content-Security-Policy configuration # Content-Security-Policy configuration
# this can be restrictive because we have few external scripts # this can be restrictive because we have few external scripts
allowed_sources = ( allowed_sources = "'self'"
"'self'" allowed_sources_scripts = ["'self'", "https://www.googletagmanager.com/", "https://www.google-analytics.com/"]
)
allowed_sources_scripts = [
"'self'",
"https://www.googletagmanager.com/",
"https://www.google-analytics.com/"
]
CSP_DEFAULT_SRC = allowed_sources CSP_DEFAULT_SRC = allowed_sources
# Most things fall back to default-src, but the following do not and should be # Most things fall back to default-src, but the following do not and should be
# explicitly set # explicitly set
@ -313,10 +307,7 @@ CSP_FORM_ACTION = allowed_sources
CSP_SCRIPT_SRC_ELEM = allowed_sources_scripts CSP_SCRIPT_SRC_ELEM = allowed_sources_scripts
CSP_SCRIPT_SRC = allowed_sources_scripts CSP_SCRIPT_SRC = allowed_sources_scripts
CSP_CONNECT_SRC = allowed_sources_scripts CSP_CONNECT_SRC = allowed_sources_scripts
CSP_INCLUDE_NONCE_IN = [ CSP_INCLUDE_NONCE_IN = ["script-src", "script-src-elem"]
'script-src',
'script-src-elem'
]
# Cross-Origin Resource Sharing (CORS) configuration # Cross-Origin Resource Sharing (CORS) configuration
# Sets clients that allow access control to manage.get.gov # Sets clients that allow access control to manage.get.gov
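Review bot: `allowed_sources` in the first hunk is a bare string rather than a sequence, and it feeds `CSP_DEFAULT_SRC` and, per the second hunk header, `CSP_FORM_ACTION`. The old parenthesised `("'self'")` had no trailing comma, so it was never a tuple either; the reformat only makes that visible. Whether the emitted header is correct depends on the CSP middleware wrapping a plain string before it joins the sources, which is not shown on this page; if it joins the value directly, the directive would come out as separate characters instead of `'self'`. Making the type explicit, as the script allow-list already does, removes that dependency: `allowed_sources = ("'self'",)`. A test that asserts the `Content-Security-Policy` response header would catch a broken policy that a formatting-only change like this one cannot surface.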