SciPost Code Repository

Skip to content
Snippets Groups Projects
Commit 2d880e5a authored by Jean-Sébastien Caux's avatar Jean-Sébastien Caux
Browse files

Remove unsafe-inline from CSP script sources (report only for now)

parent ee3ab312
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
SciPost_v1/settings/base.py
+ 1
2
View file @ 2d880e5a
......@@ -189,7 +189,7 @@ MIDDLEWARE = (
)
SECURE_BROWSER_XSS_FILTER = True
SECURE_HSTS_SECONDS = 60
SECURE_HSTS_SECONDS = 120
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
SECURE_CONTENT_TYPE_NOSNIFF = True
......@@ -203,7 +203,6 @@ CSP_IMG_SRC = ("'self'", 'scipost.org',
'data:', 'ajax.googleapis.com', 'assets.crossref.org',
'licensebuttons.net', 'crossmark-cdn.crossref.org')
CSP_SCRIPT_SRC = ("'self'", 'scipost.org',
"'unsafe-inline'",
'ajax.googleapis.com',
'cdnjs.cloudflare.com', 'crossmark-cdn.crossref.org',
'www.recaptcha.net', 'www.gstatic.com',
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

SciPost Code Repository