add django_csp and settings
helllllllder committed May 12, 2022
1 parent ba953a6 commit 99fcce7
Showing 3 changed files with 30 additions and 1 deletion.
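--- a/bothub/settings.py
+++ b/bothub/settings.py
@@ -144,13 +144,15 @@
 "whitenoise.middleware.WhiteNoiseMiddleware",
 "django.contrib.sessions.middleware.SessionMiddleware",
 "django.middleware.locale.LocaleMiddleware",
+"csp.middleware.CSPMiddleware",
 "corsheaders.middleware.CorsMiddleware",
 "django.middleware.common.CommonMiddleware",
 "django.middleware.csrf.CsrfViewMiddleware",
 "django.contrib.auth.middleware.AuthenticationMiddleware",
 "django.contrib.messages.middleware.MessageMiddleware",
 "django.middleware.clickjacking.XFrameOptionsMiddleware",
 "bothub.api.v2.middleware.UserLanguageMiddleware",
+
 ]
 
 ROOT_URLCONF = "bothub.urls"
@@ -299,6 +301,13 @@
 CSRF_COOKIE_SECURE = env.bool("CSRF_COOKIE_SECURE")
 
 
+# CSP headers
+
+CSP_DEFAULT_SRC = ("'self'", '*')
+
+CSP_FRAME_ANCESTORS = ["'self'", "*.weni.ai"]
+
+
 # Logging
 
 LOGGING = DEFAULT_LOGGING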
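Review bot: `CSP_DEFAULT_SRC = ("'self'", '*')` in the second hunk lets every fetch directive that falls back to default-src load from any host, so the policy does not restrict where scripts, styles or connections come from, and `'self'` is redundant next to `*`. The wildcard still blocks inline script and `data:`/`blob:` sources, but if the intent of this commit is only to control framing, that is carried by `CSP_FRAME_ANCESTORS` alone. I would start from `CSP_DEFAULT_SRC = ("'self'",)` and add the specific origins the pages need per directive, or at least add a comment such as `# default-src is left open on purpose; only frame-ancestors is enforced` so the wildcard is not mistaken for a restriction. Note also that `*.weni.ai` matches subdomains only, not `weni.ai` itself.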
21 changes: 20 additions & 1 deletion poetry.lock


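--- a/pyproject.toml
+++ b/pyproject.toml
@@ -52,6 +52,7 @@ psycopg2-binary = "~=2.9.1"
 weni-protobuffers = "~=1.2.1"
 black = "21.7b0"
 Pillow = "~=8.4.0"
+django-csp = "^3.7"
 
 [tool.poetry.dev-dependencies]
 flake8 = "~=4.0.0"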
