add a reasonable default Content Security Policy

ideally we'd improve this over time to remove the `unsafe-inline` lines,
but we can't due that today because Angular1 makes use of a lot of
inline <script> and <style> tag generation

see: https://github.com/ansible/awx/issues/2056
This commit is contained in:
Ryan Petrello
2019-06-26 10:02:36 -04:00
parent e612a167e2
commit eacf819caf
4 changed files with 21 additions and 0 deletions

View File

@@ -8,6 +8,7 @@ from awx.main.views import (
handle_403,
handle_404,
handle_500,
handle_csp_violation,
)
@@ -20,6 +21,7 @@ urlpatterns = [
url(r'^(?:api/)?403.html$', handle_403),
url(r'^(?:api/)?404.html$', handle_404),
url(r'^(?:api/)?500.html$', handle_500),
url(r'^csp-violation/', handle_csp_violation),
]
if settings.SETTINGS_MODULE == 'awx.settings.development':