remove ajax.cloudflare.com from CSP

master
Aevann1 2022-11-09 21:49:50 +02:00
parent a4bf57ae0d
commit 9e6324d7ca
4 changed files with 4 additions and 4 deletions


@ -48,7 +48,7 @@ KOFI_LINK = environ.get("KOFI_LINK", "").strip()
PUSHER_ID_CSP = ""
if PUSHER_ID != "blahblahblah":
PUSHER_ID_CSP = f" {PUSHER_ID}.pushnotifications.pusher.com"
CONTENT_SECURITY_POLICY_DEFAULT = "script-src 'self' 'unsafe-inline' ajax.cloudflare.com; connect-src 'self'; object-src 'none';"
CONTENT_SECURITY_POLICY_DEFAULT = "script-src 'self' 'unsafe-inline'; connect-src 'self'; object-src 'none';"
CONTENT_SECURITY_POLICY_HOME = f"script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' tls-use1.fpapi.io api.fpjs.io{PUSHER_ID_CSP}; object-src 'none';"
CLOUDFLARE_COOKIE_VALUE = "yes."
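Review bot: The new `CONTENT_SECURITY_POLICY_DEFAULT` still carries `'unsafe-inline'` in `script-src`, so removing the ajax.cloudflare.com host narrows where external scripts may load from but does not stop an injected inline `<script>` or event-handler attribute from executing. If the templates can emit a per-response nonce (not visible in this hunk), the stronger form would be `script-src 'self' 'nonce-<per-request-nonce>'`, where the nonce value is a placeholder generated per request. `CONTENT_SECURITY_POLICY_HOME` on the next line is untouched and additionally allows `'unsafe-eval'`, so it deserves the same look. Failing that, a comment above these module-level constants such as `# 'unsafe-inline' is required by <reason>; remove once inline scripts are gone` would record why the weaker policy is kept.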


@ -3,7 +3,7 @@
<head>
<meta name="description" content="The true home of IP2.">
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' ajax.cloudflare.com; connect-src 'self'; object-src 'none';">
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; connect-src 'self'; object-src 'none';">
<style>
:root{--primary:#ff66ac}
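Review bot: The policy in this `<meta http-equiv="Content-Security-Policy">` tag is a hand-maintained copy of the string in `CONTENT_SECURITY_POLICY_DEFAULT`, and the same copy is edited again in the two HTML sections that follow, so the four can drift apart on the next policy change. A meta-delivered policy also ignores `frame-ancestors`, `report-uri` and `sandbox`, and only governs content parsed after the tag. If these pages are served by the application (that cannot be told from this page), sending the policy as a response header built from the one constant would be preferable. If they have to remain static files, a comment such as `<!-- keep in sync with CONTENT_SECURITY_POLICY_DEFAULT -->` above the tag would at least document the coupling.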


@ -3,7 +3,7 @@
<head>
<meta name="description" content="People die and this is the place to see it. You only have one life, don't make the mistakes seen here.">
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' ajax.cloudflare.com; connect-src 'self'; object-src 'none';">
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; connect-src 'self'; object-src 'none';">
<style>
:root{--primary:#ff66ac}


@ -3,7 +3,7 @@
<head>
<meta name="description" content="rdrama.net caters to drama in all forms such as: Real life, videos, photos, gossip, rumors, news sites, Reddit, and Beyond™. There isn&#39;t drama we won&#39;t touch, and we want it all!">
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' ajax.cloudflare.com; connect-src 'self'; object-src 'none';">
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; connect-src 'self'; object-src 'none';">
<style>
:root{--primary:#ff66ac}