Fixes SCIPOST-1BB

5e2d3ae8 · Jean-Sébastien Caux · 0889ad1b · 5e2d3ae8 · 5e2d3ae8 · 5e2d3ae8
Commit 5e2d3ae8 authored 3 years ago by Jean-Sébastien Caux
--- a/scipost_django/SciPost_v1/settings/base.py
+++ b/scipost_django/SciPost_v1/settings/base.py
@@ -226,18 +226,18 @@ SECURE_HSTS_PRELOAD = True
 SECURE_CONTENT_TYPE_NOSNIFF = True
 X_FRAME_OPTIONS = 'DENY'
 REFERRER_POLICY = 'same-origin'
-CSP_FONT_SRC = ("'self'", 'scipost.org', "'report-sample'",
+CSP_FONT_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'",
                'data:', 'fonts.gstatic.com', 'cdnjs.cloudflare.com',
                'www.google.com', 'themes.googleusercontent.com')
-CSP_FRAME_SRC = ("'self'", 'scipost.org', "'report-sample'",
+CSP_FRAME_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'",
                 'crossmark.crossref.org',
                 'www.google.com', 'player.vimeo.com', 'www.youtube-nocookie.com',
                 'www.recaptcha.net', 'www.mendeley.com', 'plaudit.pub')
-CSP_IMG_SRC = ("'self'", 'scipost.org', "'report-sample'",
+CSP_IMG_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'",
               'data:', 'ajax.googleapis.com', 'assets.crossref.org',
               'licensebuttons.net', 'crossmark-cdn.crossref.org',
               'www.paypalobjects.com')
-CSP_SCRIPT_SRC = ("'self'", 'scipost.org', "'report-sample'", "'unsafe-inline'",
+CSP_SCRIPT_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'", "'unsafe-inline'",
                  'ajax.googleapis.com', 'cdn.mathjax.org',
                  'cdnjs.cloudflare.com',
                  'crossmark-cdn.crossref.org',
@@ -247,7 +247,7 @@ CSP_SCRIPT_SRC = ("'self'", 'scipost.org', "'report-sample'", "'unsafe-inline'",
                  'cdn.plot.ly',
                  'unpkg.com/htmx.org@1.6.0'
                  )
-CSP_STYLE_SRC = ("'self'", 'scipost.org', "'report-sample'",
+CSP_STYLE_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'",
                 'crossmark-cdn.crossref.org',
                 "'unsafe-inline'", 'ajax.googleapis.com', 'code.jquery.com',
                 'fonts.googleapis.com',

--- a/scipost_django/SciPost_v1/settings/production.py
+++ b/scipost_django/SciPost_v1/settings/production.py
@@ -6,7 +6,7 @@ from .base import *
 # THE MAIN THING HERE
 DEBUG = False
-ALLOWED_HOSTS = ['www.scipost.org', 'scipost.org']
+ALLOWED_HOSTS = ['scipost.org', 'www.scipost.org']
 # Static and media
 STATIC_URL = 'https://scipost.org/static/'

--- a/scipost_django/SciPost_v1/settings/production_do1.py
+++ b/scipost_django/SciPost_v1/settings/production_do1.py
@@ -6,7 +6,7 @@ from .base import *
 # THE MAIN THING HERE
 DEBUG = False
-ALLOWED_HOSTS = ['www.scipost.org', 'scipost.org', 'localhost', '142.93.224.252']
+ALLOWED_HOSTS = ['scipost.org', 'www.scipost.org', 'localhost', '142.93.224.252']
 # Static and media
 STATIC_URL = 'https://scipost.org/static/'