Skip to content
This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

Commit

Permalink
Fold script-srcs together
Browse files Browse the repository at this point in the history
  • Loading branch information
@chadwhitacre
chadwhitacre committed Dec 22, 2016
1 parent 821eae2 commit 75ce62f
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 4 deletions.
3 changes: 1 addition & 2 deletions gratipay/security/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,11 +47,10 @@ def add_headers_to_response(response):
# Allow fonts from cloud.typography.com.
if 'content-security-policy' not in response.headers:
response.headers['content-security-policy'] = ("default-src 'self';"
"script-src assets.gratipay.com;"
"script-src assets.gratipay.com 'unsafe-inline';"
'style-src assets.gratipay.com cloud.typography.com;'
'img-src *;'
'font-src assets.gratipay.com cloud.typography.com;'
"script-src 'unsafe-inline'"
'upgrade-insecure-requests;'
'block-all-mixed-content;'
'reflected-xss block;')
3 changes: 1 addition & 2 deletions tests/py/test_security.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,11 +56,10 @@ def test_ahtr_sets_x_xss_protection(self):
def test_ahtr_sets_content_security_policy(self):
headers = self.client.GET('/about/').headers
policy = ("default-src 'self';"
'script-src assets.gratipay.com;'
"script-src assets.gratipay.com 'unsafe-inline';"
'style-src assets.gratipay.com cloud.typography.com;'
'img-src *;'
'font-src assets.gratipay.com cloud.typography.com;'
"script-src 'unsafe-inline'"
'upgrade-insecure-requests;'
'block-all-mixed-content;'
'reflected-xss block;')
Expand Down

0 comments on commit 75ce62f

Please sign in to comment.