move CSP to nginx-level
parent
3e80476b86
commit
0fd8157fa6
@ -42,11 +42,6 @@ FP = environ.get("FP", "").strip()
|
|||
KOFI_TOKEN = environ.get("KOFI_TOKEN", "").strip()
|
||||
KOFI_LINK = environ.get("KOFI_LINK", "").strip()
|
||||
|
||||
PUSHER_ID_CSP = ""
|
||||
if PUSHER_ID != DEFAULT_CONFIG_VALUE:
|
||||
PUSHER_ID_CSP = f" {PUSHER_ID}.pushnotifications.pusher.com"
|
||||
CONTENT_SECURITY_POLICY_DEFAULT = "script-src 'self' 'unsafe-inline' challenges.cloudflare.com; connect-src 'self'; object-src 'none';"
|
||||
CONTENT_SECURITY_POLICY_HOME = f"script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' tls-use1.fpapi.io api.fpjs.io{PUSHER_ID_CSP}; object-src 'none';"
|
||||
|
||||
CLOUDFLARE_COOKIE_VALUE = "yes." # remember to change this in CloudFlare too
|
||||
|
||||
|
|
|
@ -59,8 +59,6 @@ def inject_constants():
|
|||
"site_settings":get_settings(), "EMAIL":EMAIL, "calc_users":calc_users,
|
||||
"max": max, "min": min, "user_can_see":User.can_see,
|
||||
"TELEGRAM_LINK":TELEGRAM_LINK, "EMAIL_REGEX_PATTERN":EMAIL_REGEX_PATTERN,
|
||||
"CONTENT_SECURITY_POLICY_DEFAULT":CONTENT_SECURITY_POLICY_DEFAULT,
|
||||
"CONTENT_SECURITY_POLICY_HOME":CONTENT_SECURITY_POLICY_HOME,
|
||||
"TRUESCORE_DONATE_MINIMUM":TRUESCORE_DONATE_MINIMUM,
|
||||
"DONATE_LINK":DONATE_LINK, "DONATE_SERVICE":DONATE_SERVICE, "BAN_EVASION_DOMAIN":BAN_EVASION_DOMAIN,
|
||||
"HOUSE_JOIN_COST":HOUSE_JOIN_COST, "HOUSE_SWITCH_COST":HOUSE_SWITCH_COST, "IMAGE_FORMATS":IMAGE_FORMATS,
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
{%- extends 'root.html' -%}
|
||||
{% if IS_LOCALHOST %}
|
||||
{% set csp="script-src 'self' 'unsafe-inline' rdrama.net; connect-src 'self'; object-src 'none';" %}
|
||||
{% else %}
|
||||
{% set csp=none %}
|
||||
{% endif %}
|
||||
{% block pagetitle %}Chat{% endblock %}
|
||||
{% block pagetype %}chat{% endblock %}
|
||||
{% block body %}
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{%- extends 'root.html' -%}
|
||||
{% set csp = CONTENT_SECURITY_POLICY_HOME if request.path == '/' else CONTENT_SECURITY_POLICY_DEFAULT %}
|
||||
{% block body_attributes %}id="{% if request.path != '/comments' %}{% block pagetype %}frontpage{% endblock %}{% endif %}" {% if SITE_NAME == 'rDrama' and v and (v.is_banned or v.agendaposter) %}style="overflow-x: hidden;background:url(/assets/images/backgrounds/anime/1.webp?v=3) center center fixed; background-color: var(--background)"{% elif v and v.background %}style="{% if path != '/formatting' %}overflow-x: hidden; {% endif %} background:url(/assets/images/backgrounds/{{v.background}}?v=3) center center fixed; background-color: var(--background){% if 'anime' not in v.background %};background-size: cover{% endif %}"{% elif not v %}style="{% if path != '/formatting' %}overflow-x: hidden; {% endif %} background:url(/assets/images/backgrounds/glitter/1.webp?v=3) center center fixed; background-color: var(--background);background-size: cover"{% endif %}{% endblock %}
|
||||
{% block body %}
|
||||
{% block banner %}
|
||||
|
|
|
@ -7,15 +7,11 @@
|
|||
{% endblock %}
|
||||
{%- import 'util/macros.html' as macros with context -%}
|
||||
{%- import 'util/html_head.html' as html_head with context -%}
|
||||
{%- if request.path == '/' -%}
|
||||
{%- set csp=CONTENT_SECURITY_POLICY_HOME -%}
|
||||
{%- endif -%}
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
{% block head %}
|
||||
<meta charset="utf-8">
|
||||
<meta http-equiv="Content-Security-Policy" content="{{csp | default(CONTENT_SECURITY_POLICY_DEFAULT, true) | safe}}">
|
||||
{% block title %}<title>{% block pagetitle %}if you see this pls report it as a bug <3{% endblock %} - {{SITE_NAME}}</title>{% endblock %}
|
||||
{{html_head.page_meta(self.pagetitle() or none)}}
|
||||
{{html_head.javascript() if root_scope.js}}
|
||||
|
|
|
@ -8,6 +8,7 @@ server {
|
|||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
|
||||
add_header X-Frame-Options "deny";
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' challenges.cloudflare.com; connect-src 'self' tls-use1.fpapi.io api.fpjs.io 00bb6d59-7b11-4339-b1ae-b1f1259d1316.pushnotifications.pusher.com; object-src 'none';";
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:5000/;
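Review bot: The server-level `add_header Content-Security-Policy` added above is inherited by a `location` block only if that block declares no `add_header` of its own, and nginx drops `add_header` values from responses outside 2xx/3xx unless the directive carries `always`; the `location /` that follows is cut off in this hunk, so whether it or any sibling location sets headers cannot be confirmed here, and the safer form is `add_header Content-Security-Policy "..." always;` checked against an error page and a static-asset path. The single policy is the union of the two policies removed from the Python config: `'unsafe-eval'`, `tls-use1.fpapi.io api.fpjs.io` and the Pusher host are now permitted on every page rather than only on `/`, and `challenges.cloudflare.com` is now permitted on the home page as well, which deserves a comment in the config such as `# CSP moved from templates; union of the former DEFAULT and HOME policies, 'unsafe-eval' now site-wide`. The Pusher instance id is hard-coded in this line whereas the removed Python derived it from `PUSHER_ID` and only appended it when that setting was not the default, so a change to that setting now requires a matching nginx edit; a comment pointing at the env variable would make that coupling visible.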
|
||||
|
|