Update src/registrar/config/settings.py

Co-authored-by: Neil MartinsenBurrell <neil.martinsen-burrell@gsa.gov>
CuriousX 2023-11-21 13:12:02 -07:00 committed by GitHub
parent 6e32651dad
commit ee2bb38e15
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -304,6 +304,10 @@ CSP_DEFAULT_SRC = allowed_sources
# explicitly set # explicitly set
CSP_FRAME_ANCESTORS = allowed_sources CSP_FRAME_ANCESTORS = allowed_sources
CSP_FORM_ACTION = allowed_sources CSP_FORM_ACTION = allowed_sources
# Google analytics requires that we relax our otherwise
# strict CSP by allowing scripts to run from their domain
# and inline with a nonce, as well as allowing connections back to their domain
CSP_SCRIPT_SRC_ELEM = ["'self'", "https://www.googletagmanager.com/"] CSP_SCRIPT_SRC_ELEM = ["'self'", "https://www.googletagmanager.com/"]
CSP_CONNECT_SRC = ["'self'", "https://www.google-analytics.com/"] CSP_CONNECT_SRC = ["'self'", "https://www.google-analytics.com/"]
CSP_INCLUDE_NONCE_IN = ["script-src-elem"] CSP_INCLUDE_NONCE_IN = ["script-src-elem"]
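Review bot: The new comment above `CSP_SCRIPT_SRC_ELEM` explains why the policy is relaxed but not where the relaxation stops, which is what a later maintainer most needs when touching these lines. The inline allowance comes only from `CSP_INCLUDE_NONCE_IN = ["script-src-elem"]`, so I would add a line such as `# Inline scripts are allowed only via the per-request nonce; do not add 'unsafe-inline' to CSP_SCRIPT_SRC_ELEM.` It would also help to say which directive covers which host, since the comment names Google Analytics while the script source is `https://www.googletagmanager.com/` and only `CSP_CONNECT_SRC` points at `https://www.google-analytics.com/`. Whether the templates actually attach the nonce to the inline snippet is not visible in this hunk, so that is worth confirming alongside the comment.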