diff --git a/files/helpers/config/const.py b/files/helpers/config/const.py index 505f77878..f4d968ad4 100644 --- a/files/helpers/config/const.py +++ b/files/helpers/config/const.py @@ -1143,6 +1143,6 @@ engine = create_engine(environ.get("DATABASE_URL").strip(), connect_args={"optio db_session = scoped_session(sessionmaker(bind=engine, autoflush=False)) approved_embed_hosts_for_csp = ' '.join([x.split('/')[0] for x in approved_embed_hosts]) -csp = f'''add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; frame-ancestors 'none'; form-action 'self'; manifest-src 'self'; worker-src 'self'; base-uri 'self'; font-src 'self'; style-src-elem 'self'; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src-elem 'self' challenges.cloudflare.com; script-src-attr 'none'; script-src 'self' challenges.cloudflare.com; media-src 'self' {approved_embed_hosts_for_csp}; img-src 'self' {approved_embed_hosts_for_csp} data:; frame-src challenges.cloudflare.com www.youtube-nocookie.com platform.twitter.com rumble.com player.twitch.tv; connect-src 'self' videos.watchpeopledie.tv use1.fptls.com use1.fptls3.com api.fpjs.io;";''' +csp = f'''add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; frame-ancestors 'none'; form-action 'self'; manifest-src 'self'; worker-src 'self'; base-uri 'self'; font-src 'self'; style-src-elem 'self'; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src-elem 'self' challenges.cloudflare.com; script-src-attr 'none'; script-src 'self' challenges.cloudflare.com; frame-src challenges.cloudflare.com www.youtube-nocookie.com platform.twitter.com rumble.com player.twitch.tv; connect-src 'self' videos.watchpeopledie.tv use1.fptls.com use1.fptls3.com api.fpjs.io; img-src {approved_embed_hosts_for_csp} data:; media-src {approved_embed_hosts_for_csp};";''' with open("includes/csp", "w", encoding="utf-8") as f: f.write(csp) diff --git a/includes/csp b/includes/csp index 3225a1d0b..eb9a42918 100644 --- a/includes/csp +++ b/includes/csp @@ -1 +1 @@ -add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; frame-ancestors 'none'; form-action 'self'; manifest-src 'self'; worker-src 'self'; base-uri 'self'; font-src 'self'; style-src-elem 'self'; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src-elem 'self' challenges.cloudflare.com; script-src-attr 'none'; script-src 'self' challenges.cloudflare.com; media-src 'self' localhost rdrama.net i.rdrama.net watchpeopledie.tv i.watchpeopledie.tv videos.watchpeopledie.tv i.imgur.com i.imgur.io pomf2.lain.la i.giphy.com media.giphy.com media0.giphy.com media1.giphy.com media2.giphy.com media3.giphy.com media4.giphy.com media.tenor.com c.tenor.com thumbs.gfycat.com i.postimg.cc files.catbox.moe i.redd.it preview.redd.it external-preview.redd.it pbs.twimg.com i.pinimg.com kiwifarms.st uploads.kiwifarms.st upload.wikimedia.org live.staticflickr.com substackcdn.com i.kym-cdn.com i.kym-cdn.com 37.media.tumblr.com 64.media.tumblr.com 66.media.tumblr.com 78.media.tumblr.com i.ytimg.com fonts.googleapis.com raw.githubusercontent.com; img-src 'self' localhost rdrama.net i.rdrama.net watchpeopledie.tv i.watchpeopledie.tv videos.watchpeopledie.tv i.imgur.com i.imgur.io pomf2.lain.la i.giphy.com media.giphy.com media0.giphy.com media1.giphy.com media2.giphy.com media3.giphy.com media4.giphy.com media.tenor.com c.tenor.com thumbs.gfycat.com i.postimg.cc files.catbox.moe i.redd.it preview.redd.it external-preview.redd.it pbs.twimg.com i.pinimg.com kiwifarms.st uploads.kiwifarms.st upload.wikimedia.org live.staticflickr.com substackcdn.com i.kym-cdn.com i.kym-cdn.com 37.media.tumblr.com 64.media.tumblr.com 66.media.tumblr.com 78.media.tumblr.com i.ytimg.com fonts.googleapis.com raw.githubusercontent.com data:; frame-src challenges.cloudflare.com www.youtube-nocookie.com platform.twitter.com rumble.com player.twitch.tv; connect-src 'self' videos.watchpeopledie.tv use1.fptls.com use1.fptls3.com api.fpjs.io;"; \ No newline at end of file +add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; frame-ancestors 'none'; form-action 'self'; manifest-src 'self'; worker-src 'self'; base-uri 'self'; font-src 'self'; style-src-elem 'self'; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src-elem 'self' challenges.cloudflare.com; script-src-attr 'none'; script-src 'self' challenges.cloudflare.com; frame-src challenges.cloudflare.com www.youtube-nocookie.com platform.twitter.com rumble.com player.twitch.tv; connect-src 'self' videos.watchpeopledie.tv use1.fptls.com use1.fptls3.com api.fpjs.io; img-src localhost rdrama.net i.rdrama.net watchpeopledie.tv i.watchpeopledie.tv videos.watchpeopledie.tv i.imgur.com i.imgur.io pomf2.lain.la i.giphy.com media.giphy.com media0.giphy.com media1.giphy.com media2.giphy.com media3.giphy.com media4.giphy.com media.tenor.com c.tenor.com thumbs.gfycat.com i.postimg.cc files.catbox.moe i.redd.it preview.redd.it external-preview.redd.it pbs.twimg.com i.pinimg.com kiwifarms.st uploads.kiwifarms.st upload.wikimedia.org live.staticflickr.com substackcdn.com i.kym-cdn.com i.kym-cdn.com 37.media.tumblr.com 64.media.tumblr.com 66.media.tumblr.com 78.media.tumblr.com i.ytimg.com fonts.googleapis.com raw.githubusercontent.com data:; media-src localhost rdrama.net i.rdrama.net watchpeopledie.tv i.watchpeopledie.tv videos.watchpeopledie.tv i.imgur.com i.imgur.io pomf2.lain.la i.giphy.com media.giphy.com media0.giphy.com media1.giphy.com media2.giphy.com media3.giphy.com media4.giphy.com media.tenor.com c.tenor.com thumbs.gfycat.com i.postimg.cc files.catbox.moe i.redd.it preview.redd.it external-preview.redd.it pbs.twimg.com i.pinimg.com kiwifarms.st uploads.kiwifarms.st upload.wikimedia.org live.staticflickr.com substackcdn.com i.kym-cdn.com i.kym-cdn.com 37.media.tumblr.com 64.media.tumblr.com 66.media.tumblr.com 78.media.tumblr.com i.ytimg.com fonts.googleapis.com raw.githubusercontent.com;"; \ No newline at end of file