diff --git a/requirements.txt b/requirements.txt
index 893fc6c..df0766f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,6 +6,7 @@ chardet==4.0.0
click==8.1.3
coverage==6.4.2
Flask==2.1.2
+flask-talisman==1.0.0
gunicorn==20.1.0
iniconfig==1.1.1
itsdangerous==2.1.2
diff --git a/tests/test_integrations/test_document.py b/tests/test_integrations/test_document.py
index 1a758e6..47e91b3 100644
--- a/tests/test_integrations/test_document.py
+++ b/tests/test_integrations/test_document.py
@@ -28,7 +28,10 @@ def test_document_found(client) -> None:
Args:
client (test_client): The test client for the Flask application.
"""
- assert client.get("/").status_code == 200
+ assert client.get(
+ "/",
+ follow_redirects=True,
+ ).status_code == 200
def test_document_not_found(client) -> None:
"""
@@ -37,7 +40,10 @@ def test_document_not_found(client) -> None:
Args:
client (test_client): The test client for the Flask application.
"""
- assert client.get("/notfound").status_code == 404
+ assert client.get(
+ "/notfound",
+ follow_redirects=True,
+ ).status_code == 404
@pytest.mark.parametrize("name, content", [
("viewport", "width=device-width, initial-scale=1"),
@@ -54,4 +60,9 @@ def test_document_meta_element(name: str, content: str, client) -> None:
content (str): The content of the meta element.
client (test_client): The test client for the Flask application.
"""
- assert client.get('/').data.decode().find(f"") > 0
+ assert client.get(
+ '/',
+ follow_redirects=True,
+ ).data.decode().find(
+ f""
+ ) > 0
diff --git a/tests/test_integrations/test_faq.py b/tests/test_integrations/test_faq.py
index 9b5cc75..2f6add5 100644
--- a/tests/test_integrations/test_faq.py
+++ b/tests/test_integrations/test_faq.py
@@ -28,7 +28,10 @@ def test_faq(client):
Args:
client (test_client): The test client.
"""
- response = client.get('/faq')
+ response = client.get(
+ '/faq',
+ follow_redirects=True,
+ )
assert response.status_code == 200
assert 'Frequently Asked Questions' in response.text
@@ -51,6 +54,9 @@ def test_faq_questions(client, question: str):
client (test_client): The test client.
question (str): The question to test.
"""
- response = client.get('/faq')
+ response = client.get(
+ '/faq',
+ follow_redirects=True,
+ )
assert question in response.text
diff --git a/tests/test_snapshots/test_articles.py b/tests/test_snapshots/test_articles.py
index ce39a83..cb1ee92 100644
--- a/tests/test_snapshots/test_articles.py
+++ b/tests/test_snapshots/test_articles.py
@@ -35,7 +35,10 @@ def test_article_found(article_slug: str, client) -> None:
article_slug (str): The slug of the article to find.
client (website.app.test_client): The test client for the Flask application.
"""
- assert client.get(f"/{article_slug}").status_code == 200
+ assert client.get(
+ f"/{article_slug}",
+ follow_redirects=True,
+ ).status_code == 200
@pytest.mark.parametrize("article_slug", ARTICLE_SLUGS)
def test_article_snapshots(article_slug: str, client, snapshot) -> None:
@@ -48,7 +51,10 @@ def test_article_snapshots(article_slug: str, client, snapshot) -> None:
snapshot (pytest_snapshot.plugin.Snapshot): The snapshot plugin.
"""
snapshot.snapshot_dir = "tests/snapshots"
- html = client.get(f"/{article_slug}").text
+ html = client.get(
+ f"/{article_slug}",
+ follow_redirects=True,
+ ).text
soup = bs4.BeautifulSoup(html, "html.parser")
snapshot.assert_match(
diff --git a/website/__init__.py b/website/__init__.py
index 8b08dac..8e5645a 100644
--- a/website/__init__.py
+++ b/website/__init__.py
@@ -23,11 +23,23 @@
import flask
import markdown
+from flask_talisman import Talisman
from website.repositories import Repository, blog_repositories
app = flask.Flask(__name__)
+
+csp = {
+ 'default-src': [
+ '\'self\'',
+ 'cdn.jsdelivr.net',
+ ]
+
+}
+Talisman(app, content_security_policy=csp)
+
app.jinja_env.add_extension('pypugjs.ext.jinja.PyPugJSExtension')
+
blog_repo = blog_repositories.PostRepository('blog')
@app.route('/')
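Review bot: The `csp` dict places `cdn.jsdelivr.net` in `default-src`, which allows the whole CDN host for every resource type, scripts included. That host serves arbitrary third-party packages, so the entry largely cancels the script-injection protection the policy is meant to provide. Keep `'default-src': ['\'self\'']` and scope the CDN to the directives and paths that need it, e.g. `'script-src': ['\'self\'', 'cdn.jsdelivr.net/npm/<package>@<version>/']` (placeholder path), ideally with Subresource Integrity on the tags in the templates. `base-uri` and `frame-ancestors` do not fall back to `default-src`, so they need their own entries if they are meant to be restricted. `Talisman(app, content_security_policy=csp)` also runs at import time with every other option left at its default, so a comment such as `# Talisman defaults: HTTPS redirect, HSTS, secure session cookie` would explain why the tests now need to follow redirects.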