From 5e2d3ae874801a60205dc7fc566c76462f59288f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jean-S=C3=A9bastien=20Caux?= <git@jscaux.org> Date: Mon, 31 Jan 2022 10:42:27 +0100 Subject: [PATCH] Fixes SCIPOST-1BB --- scipost_django/SciPost_v1/settings/base.py | 10 +++++----- scipost_django/SciPost_v1/settings/production.py | 2 +- scipost_django/SciPost_v1/settings/production_do1.py | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/scipost_django/SciPost_v1/settings/base.py b/scipost_django/SciPost_v1/settings/base.py index 1b0146146..7fe747675 100644 --- a/scipost_django/SciPost_v1/settings/base.py +++ b/scipost_django/SciPost_v1/settings/base.py @@ -226,18 +226,18 @@ SECURE_HSTS_PRELOAD = True SECURE_CONTENT_TYPE_NOSNIFF = True X_FRAME_OPTIONS = 'DENY' REFERRER_POLICY = 'same-origin' -CSP_FONT_SRC = ("'self'", 'scipost.org', "'report-sample'", +CSP_FONT_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'", 'data:', 'fonts.gstatic.com', 'cdnjs.cloudflare.com', 'www.google.com', 'themes.googleusercontent.com') -CSP_FRAME_SRC = ("'self'", 'scipost.org', "'report-sample'", +CSP_FRAME_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'", 'crossmark.crossref.org', 'www.google.com', 'player.vimeo.com', 'www.youtube-nocookie.com', 'www.recaptcha.net', 'www.mendeley.com', 'plaudit.pub') -CSP_IMG_SRC = ("'self'", 'scipost.org', "'report-sample'", +CSP_IMG_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'", 'data:', 'ajax.googleapis.com', 'assets.crossref.org', 'licensebuttons.net', 'crossmark-cdn.crossref.org', 'www.paypalobjects.com') -CSP_SCRIPT_SRC = ("'self'", 'scipost.org', "'report-sample'", "'unsafe-inline'", +CSP_SCRIPT_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'", "'unsafe-inline'", 'ajax.googleapis.com', 'cdn.mathjax.org', 'cdnjs.cloudflare.com', 'crossmark-cdn.crossref.org', 
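Review bot: The edited `CSP_SCRIPT_SRC` line still carries `'unsafe-inline'`, so the host list in that tuple does not stop an injected inline script from running; adding `www.scipost.org` presumably clears the reported violation but leaves that gap. Assuming these settings feed django-csp, and if the templates can carry a nonce on their inline scripts, `CSP_INCLUDE_NONCE_IN = ['script-src']` would allow `'unsafe-inline'` to be dropped in a follow-up. Separately, the same first-party prefix is now maintained by hand in five tuples (four here and `CSP_STYLE_SRC` in the next hunk). A shared `CSP_FIRST_PARTY = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'")` with `CSP_FONT_SRC = CSP_FIRST_PARTY + (...)` would keep them in step. The `CSP_SCRIPT_SRC` tuple continues outside this hunk, and any directive not shown here (a connect-src or default-src, if defined) should be checked for the same host.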
@@ -247,7 +247,7 @@ CSP_SCRIPT_SRC = ("'self'", 'scipost.org', "'report-sample'", "'unsafe-inline'", 'cdn.plot.ly', 'unpkg.com/htmx.org@1.6.0' ) -CSP_STYLE_SRC = ("'self'", 'scipost.org', "'report-sample'", +CSP_STYLE_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'", 'crossmark-cdn.crossref.org', "'unsafe-inline'", 'ajax.googleapis.com', 'code.jquery.com', 'fonts.googleapis.com', diff --git a/scipost_django/SciPost_v1/settings/production.py b/scipost_django/SciPost_v1/settings/production.py index b30235f9a..f33855161 100644 --- a/scipost_django/SciPost_v1/settings/production.py +++ b/scipost_django/SciPost_v1/settings/production.py @@ -6,7 +6,7 @@ from .base import * # THE MAIN THING HERE DEBUG = False -ALLOWED_HOSTS = ['www.scipost.org', 'scipost.org'] +ALLOWED_HOSTS = ['scipost.org', 'www.scipost.org'] # Static and media STATIC_URL = 'https://scipost.org/static/' diff --git a/scipost_django/SciPost_v1/settings/production_do1.py b/scipost_django/SciPost_v1/settings/production_do1.py index 70c412817..010f16fe8 100644 --- a/scipost_django/SciPost_v1/settings/production_do1.py +++ b/scipost_django/SciPost_v1/settings/production_do1.py @@ -6,7 +6,7 @@ from .base import * # THE MAIN THING HERE DEBUG = False -ALLOWED_HOSTS = ['www.scipost.org', 'scipost.org', 'localhost', '142.93.224.252'] +ALLOWED_HOSTS = ['scipost.org', 'www.scipost.org', 'localhost', '142.93.224.252'] # Static and media STATIC_URL = 'https://scipost.org/static/' -- GitLab
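Review bot: Nothing next to `CSP_STYLE_SRC`, or the tuples edited in the previous hunk, records why both the apex and the `www` host are listed, and the commit subject only names a tracker id. A short comment above the CSP block would stop a later cleanup from removing one of them, for example `# 'self' matches only the host that served the page; the site answers on both scipost.org and www.scipost.org (see ALLOWED_HOSTS), so both are listed explicitly`. The production settings in this patch support that reading: `ALLOWED_HOSTS` accepts both names while `STATIC_URL` points at `https://scipost.org/static/`, so a page served from `www` loads its static files cross-origin. The `CSP_STYLE_SRC` tuple continues outside this hunk.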