vbatts/microblog.pub
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'master' into feature/csp-compatible

Browse source
This commit is contained in:
hiromi-mi 2020-06-19 21:39:18 +09:00
commit 51a424aa15
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app.py
View file

@ -96,13 +96,14 @@ app.register_blueprint(blueprints.well_known.blueprint)
app.config.update(WTF_CSRF_CHECK_DEFAULT=False) app.config.update(WTF_CSRF_CHECK_DEFAULT=False)
app.config.update(SESSION_COOKIE_SECURE=True if config.SCHEME == "https" else False) app.config.update(SESSION_COOKIE_SECURE=True if config.SCHEME == "https" else False)
csrf.init_app(app)
csp = { csp = {
"default-src": "'self'", "default-src": "'self'",
"script-src": "'self'", "script-src": "'self'",
"style-src-attr": "'unsafe-inline'", "style-src-attr": "'unsafe-inline'",
} }
csrf.init_app(app)
talisman = Talisman( talisman = Talisman(
app, app,
content_security_policy=csp, content_security_policy=csp,