mirror of
https://github.com/ansible/awx.git
synced 2026-07-08 06:48:04 -02:30
add a reasonable default Content Security Policy
ideally we'd improve this over time to remove the `unsafe-inline` lines, but we can't due that today because Angular1 makes use of a lot of inline <script> and <style> tag generation see: https://github.com/ansible/awx/issues/2056
This commit is contained in:
@@ -8,6 +8,7 @@ from awx.main.views import (
|
||||
handle_403,
|
||||
handle_404,
|
||||
handle_500,
|
||||
handle_csp_violation,
|
||||
)
|
||||
|
||||
|
||||
@@ -20,6 +21,7 @@ urlpatterns = [
|
||||
url(r'^(?:api/)?403.html$', handle_403),
|
||||
url(r'^(?:api/)?404.html$', handle_404),
|
||||
url(r'^(?:api/)?500.html$', handle_500),
|
||||
url(r'^csp-violation/', handle_csp_violation),
|
||||
]
|
||||
|
||||
if settings.SETTINGS_MODULE == 'awx.settings.development':
|
||||
|
||||
Reference in New Issue
Block a user