Merge remote-tracking branch 'origin/master'

# Conflicts: # .pre-commit-config.yaml # Dockerfile # frontend/package-lock.json # frontend/package.json # poetry.lock # pyproject.toml
2025-12-06 06:17:17 +00:00 · 2025-04-02 11:35:56 +01:00
parent 871f930727 3ae5b6b23b
commit 708df71220
21 changed files with 138 additions and 512 deletions
--- a/cbreader/settings/base.py
+++ b/cbreader/settings/base.py
@@ -6,6 +6,7 @@ Django settings for cbreader project.
 import os
 from datetime import timedelta
 from pathlib import Path
+from typing import Dict, List

 import dj_database_url
 from dotenv import load_dotenv
@@ -27,7 +28,7 @@ ALLOWED_HOSTS = os.environ.get("DJANGO_ALLOWED_HOSTS", "localhost").split(",")

 # Application definition

-INSTALLED_APPS = (
+INSTALLED_APPS = [
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
@@ -46,7 +47,7 @@ INSTALLED_APPS = (
    'django_filters',
    'rest_framework',
    # 'silk'
-)
+]

 MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
@@ -58,8 +59,7 @@ MIDDLEWARE = [
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
-    # 'silk.middleware.SilkyMiddleware',
-    # 'csp.middleware.CSPMiddleware',
+    'csp.middleware.CSPMiddleware',
 ]

 ROOT_URLCONF = "cbreader.urls"
@@ -191,16 +191,19 @@ BOOTSTRAP4 = {
    },
 }
 CSP_DEFAULT_SRC = ("'none'",)
-CSP_STYLE_SRC = ("'self'", "'sha256-MBVp6JYxbC/wICelYC6eULCRpgi9kGezXXSaq/TS2+I='")
+CSP_STYLE_SRC = (
+    "'self'",
+    "'unsafe-inline'"
+)
 CSP_IMG_SRC = ("'self'", "data:")
 CSP_FONT_SRC = ("'self'",)
-CSP_SCRIPT_SRC = ("'self'",)
+CSP_SCRIPT_SRC = ("'self'", "'sha256-IYBrMxCTJ62EwagLTIRncEIpWwTmoXcXkqv3KZm/Wik='")
 CSP_CONNECT_SRC = ("'self'",)
 CSP_INCLUDE_NONCE_IN = ['script-src']
-CSP_SCRIPT_SRC_ATTR = ("'self'",)# "'unsafe-inline'")
+CSP_SCRIPT_SRC_ATTR = ("'self'",)  # "'unsafe-inline'")


-PERMISSIONS_POLICY = {
+PERMISSIONS_POLICY: Dict[str, List] = {
    "accelerometer": [],
    "ambient-light-sensor": [],
    "autoplay": [],
--- a/cbreader/settings/dev.py
+++ b/cbreader/settings/dev.py
@@ -1,30 +1,11 @@
-from .base import *
+from .base import INSTALLED_APPS, MIDDLEWARE, SILK_ENABLED

-INSTALLED_APPS = (
-    "django.contrib.admin",
-    "django.contrib.auth",
-    "django.contrib.contenttypes",
-    "django.contrib.sessions",
-    "django.contrib.messages",
-    "django.contrib.staticfiles",
-    'silk',
-    "snowpenguin.django.recaptcha2",
-    'bootstrap4',
-    "comic",
-    "comic_auth",
-)
+INSTALLED_APPS += ["silk"]

-MIDDLEWARE = [
-    "django.middleware.security.SecurityMiddleware",
-    "django.contrib.sessions.middleware.SessionMiddleware",
-    "django.middleware.common.CommonMiddleware",
-    "django.middleware.csrf.CsrfViewMiddleware",
-    "django.contrib.auth.middleware.AuthenticationMiddleware",
-    "django.contrib.messages.middleware.MessageMiddleware",
-    "django.middleware.clickjacking.XFrameOptionsMiddleware",
+MIDDLEWARE += [
    'silk.middleware.SilkyMiddleware',
 ]

-SILK_ENABLED = True
+SILK_ENABLED = True  # noqa: F811

 SILKY_PYTHON_PROFILER = True