:( ?? #41, #40, amo uses same django-recaptcha as me. Same in-body sc…

…ript. Why does theirs work but not me? I have coppied CSP to be identical
haoqili · Jul 9, 2011 · ffc7e6e · ffc7e6e
1 parent 7b4cff3
commit ffc7e6e
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/settings.py b/settings.py
@@ -400,6 +400,10 @@ def JINJA_CONFIG():
                "http://haoqili.scripts.mit.edu",
                "https://fpdownload.macromedia.com",
                "http://www.adobe.com",
+                # WHAT IS THE CSP TO MAKE CAPTACH WORK?
+                "https://static-cdn.addons.mozilla.net",
+                "https://statse.webtrendslive.com", 
+                "https://www.getpersonas.com"
               )    
 CSP_SCRIPT_SRC = ("'self'", STATIC_URL,
             "https://api-secure.recaptcha.net", 
@@ -408,13 +412,17 @@ def JINJA_CONFIG():
                "http://haoqili.scripts.mit.edu",
                "https://fpdownload.macromedia.com",
                "http://www.adobe.com",
+                "https://static-cdn.addons.mozilla.net",
+                "https://www.paypalobjects.com",
                   )    
-CSP_STYLE_SRC = ("'self'", STATIC_URL,)
+CSP_STYLE_SRC = ("'self'", STATIC_URL,"https://static-cdn.addons.mozilla.net")
 CSP_OBJECT_SRC = ("'none'",)
 CSP_MEDIA_SRC = ("'none'",)
 CSP_FRAME_SRC = ("*", # allow all for the x-frame-options demo
                "https://www.google.com",  # Recaptcha comes from google
                "http://www.google.com",  # Recaptcha comes from google
+                "https://s3.amazonaws.com", 
+                "https://getsatisfaction.com",
                 )    
 CSP_FONT_SRC = ("'self'", "fonts.mozilla.com", "www.mozilla.com", )
 # self is needed for paypal which sends x-frame-options:allow when needed.