ajurna/cbwebreader
1
0
Fork 0
mirror of https://github.com/ajurna/cbwebreader.git synced 2025-12-06 14:17:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

adding csp

Browse Source
This commit is contained in:
Ajurna
2021-04-29 23:07:57 +01:00
parent c8ffb55bbe
commit 5eecbf1075
3 changed files with 26 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cbreader/settings/base.py
View File

@@ -50,6 +50,7 @@ MIDDLEWARE = [
"django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware", "django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware",
'csp.middleware.CSPMiddleware',
] ]
ROOT_URLCONF = "cbreader.urls" ROOT_URLCONF = "cbreader.urls"
@@ -145,3 +146,6 @@ BOOTSTRAP4 = {
"crossorigin": "anonymous", "crossorigin": "anonymous",
}, },
} }
CSP_DEFAULT_SRC = ("'self'", "'unsafe-inline'", 'cdn.jsdelivr.net', 'cdn.datatables.net', 'i.creativecommons.org',
'code.jquery.com', 'licensebuttons.net', 'www.w3.org')
CSP_IMG_SRC = ("'self'", 'i.creativecommons.org', 'licensebuttons.net')

21
poetry.lock generated
View File

@@ -119,6 +119,21 @@ python-versions = ">=3.6"
beautifulsoup4 = ">=4.8.0" beautifulsoup4 = ">=4.8.0"
Django = ">=2.2" Django = ">=2.2"
[[package]]
name = "django-csp"
version = "3.7"
description = "Django Content Security Policy support."
category = "main"
optional = false
python-versions = "*"
[package.dependencies]
Django = ">=1.8"
[package.extras]
jinja2 = ["jinja2 (>=2.9.6)"]
tests = ["pytest (<4.0)", "pytest-django", "pytest-flakes (==1.0.1)", "pytest-pep8 (==1.0.6)", "pep8 (==1.4.6)", "mock (==1.0.1)", "six (==1.12.0)", "jinja2 (>=2.9.6)"]
[[package]] [[package]]
name = "django-extensions" name = "django-extensions"
version = "3.1.3" version = "3.1.3"
@@ -455,7 +470,7 @@ dev = ["pytest (>=4.6.2)", "black (>=19.3b0)"]
[metadata] [metadata]
lock-version = "1.1" lock-version = "1.1"
python-versions = "^3.8" python-versions = "^3.8"
content-hash = "c099b73f4400e26ba585774697d71eb475d22e365ad1ce9e6699086b30f403ad" content-hash = "71642aa577156d70c6033dbc260a2ab03d247a17d9b0b0500a9c9a0e0228fd68"
[metadata.files] [metadata.files]
asgiref = [ asgiref = [
@@ -553,6 +568,10 @@ django-bootstrap4 = [
{file = "django-bootstrap4-3.0.0.tar.gz", hash = "sha256:bffc96f65386fbd49cae1474393e01d4b414c12fcab0fff50545e6142e7ba19b"}, {file = "django-bootstrap4-3.0.0.tar.gz", hash = "sha256:bffc96f65386fbd49cae1474393e01d4b414c12fcab0fff50545e6142e7ba19b"},
{file = "django_bootstrap4-3.0.0-py3-none-any.whl", hash = "sha256:76a52fb22a8d3dbb2f7609b21908ce863e941a4462be079bf1d12025e551af37"}, {file = "django_bootstrap4-3.0.0-py3-none-any.whl", hash = "sha256:76a52fb22a8d3dbb2f7609b21908ce863e941a4462be079bf1d12025e551af37"},
] ]
django-csp = [
{file = "django_csp-3.7-py2.py3-none-any.whl", hash = "sha256:01443a07723f9a479d498bd7bb63571aaa771e690f64bde515db6cdb76e8041a"},
{file = "django_csp-3.7.tar.gz", hash = "sha256:01eda02ad3f10261c74131cdc0b5a6a62b7c7ad4fd017fbefb7a14776e0a9727"},
]
django-extensions = [ django-extensions = [
{file = "django-extensions-3.1.3.tar.gz", hash = "sha256:5f0fea7bf131ca303090352577a9e7f8bfbf5489bd9d9c8aea9401db28db34a0"}, {file = "django-extensions-3.1.3.tar.gz", hash = "sha256:5f0fea7bf131ca303090352577a9e7f8bfbf5489bd9d9c8aea9401db28db34a0"},
{file = "django_extensions-3.1.3-py3-none-any.whl", hash = "sha256:50de8977794a66a91575dd40f87d5053608f679561731845edbd325ceeb387e3"}, {file = "django_extensions-3.1.3-py3-none-any.whl", hash = "sha256:50de8977794a66a91575dd40f87d5053608f679561731845edbd325ceeb387e3"},

1
pyproject.toml
View File

@@ -26,6 +26,7 @@ Pillow = "^8.2.0"
django-imagekit = "^4.0.2" django-imagekit = "^4.0.2"
PyMuPDF = "^1.18.12" PyMuPDF = "^1.18.12"
django-bootstrap4 = "^3.0.0" django-bootstrap4 = "^3.0.0"
django-csp = "^3.7"
[tool.poetry.dev-dependencies] [tool.poetry.dev-dependencies]
mypy = "^0.812" mypy = "^0.812"