Fix handling policy directives with multiple sources. (#32)
jezdez authored and theacodes committed Oct 5, 2018
1 parent f4c117f commit 13eb3cb
Showing 2 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion flask_talisman/talisman.py
Expand Up @@ -245,7 +245,7 @@ def _parse_policy(self, policy):

for policy_part in policy_string.split(';'):
policy_parts = policy_part.strip().split(' ')
policy[policy_parts[0]] = "".join(policy_parts[1:])
policy[policy_parts[0]] = " ".join(policy_parts[1:])

policies = []
for section, content in iteritems(policy):
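Review bot: The tokenising line just above the changed one still uses `split(' ')`, so a policy string with a trailing `;` or doubled spaces yields an empty directive name or empty source tokens, which the new `" ".join(...)` now carries through as extra spaces. Splitting on any whitespace and skipping empty parts avoids that: `policy_parts = policy_part.split()` followed by `if not policy_parts: continue`. A directive repeated in the string also overwrites the earlier entry here, whereas browsers honour the first occurrence of a duplicated directive, so the emitted header can enforce something different from the string the caller wrote. `_parse_policy` starts and ends outside the hunk, so how an empty key would be rendered into the header is not visible here.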
8 changes: 4 additions & 4 deletions flask_talisman/talisman_test.py
Expand Up @@ -148,10 +148,10 @@ def testContentSecurityPolicyOptions(self):
self.assertIn('image-src \'self\' example.com', csp)

# string policy
self.talisman.content_security_policy = 'default-src example.com'
self.talisman.content_security_policy = 'default-src \'foo\' spam.eggs'
response = self.client.get('/', environ_overrides=HTTPS_ENVIRON)
self.assertEqual(response.headers['Content-Security-Policy'],
'default-src example.com')
'default-src \'foo\' spam.eggs')

# no policy
self.talisman.content_security_policy = False
Expand All @@ -160,10 +160,10 @@ def testContentSecurityPolicyOptions(self):

# string policy at initialization
app = flask.Flask(__name__)
Talisman(app, content_security_policy='default-src spam.eggs')
Talisman(app, content_security_policy='default-src \'foo\' spam.eggs')
response = app.test_client().get('/', environ_overrides=HTTPS_ENVIRON)
self.assertIn(
'default-src spam.eggs',
'default-src \'foo\' spam.eggs',
response.headers['Content-Security-Policy']
)

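Review bot: Both updated string-policy cases exercise a single directive, so nothing here covers a string with several `;`-separated directives that each carry multiple sources, or one ending in `;`. A further case such as `self.talisman.content_security_policy = 'default-src \'self\' spam.eggs; img-src \'self\' example.com'` with one `assertIn` per directive would pin the parser's behaviour without depending on directive order. `'foo'` is also not a CSP keyword; using `'self'` would make the fixture read like a policy a browser would accept. `testContentSecurityPolicyOptions` starts and ends outside these hunks.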
