Content-Security-Policy header breaks Flask-Admin forms #56

Closed
ntarocco opened this issue Aug 7, 2017 · 0 comments · Fixed by #57
ntarocco commented Aug 7, 2017

The Talisman extension in Invenio app module adds the security header
[X-]Content-Security-Policy:default-src 'self'

This breaks the Flask-Admin forms because the code has inline js/css.

There is an issue opened on Flask-Admin and a PR partially fixing the issue (pallets-eco/flask-admin#1135). For the time being, the easiest solution is to remove the header for Invenio admin views.

@ntarocco ntarocco self-assigned this Aug 7, 2017
@ntarocco ntarocco added this to the v1.0.0 milestone Aug 7, 2017
ntarocco added a commit that referenced this issue Aug 7, 2017
- override Talisman configuration @before_request to set CSP to None
- remove CSP response header
- fixes #56
ntarocco added a commit to ntarocco/invenio-admin that referenced this issue Aug 7, 2017
ntarocco added a commit to ntarocco/invenio-admin that referenced this issue Aug 8, 2017
ntarocco added a commit to ntarocco/invenio-admin that referenced this issue Aug 8, 2017
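
The workaround described in this issue, as an added example that is not code from invenio-admin or Flask-Talisman: a standard-library WSGI wrapper that keeps `default-src 'self'` on every response and drops the header only for admin views, matching the prefix on a path-segment boundary so neighbouring routes stay protected. The `/admin` mount point and the names `ScopedCSP`, `is_admin_path`, `demo_app` and `csp_for` are assumptions made for the illustration.

```python
"""Added example: scope a CSP exemption to admin views only (stdlib WSGI)."""
from wsgiref.util import setup_testing_defaults

CSP_HEADERS = ("content-security-policy", "x-content-security-policy")
DEFAULT_CSP = "default-src 'self'"  # policy quoted in the issue
ADMIN_PREFIX = "/admin"             # assumption: where the admin views are mounted


def is_admin_path(path, prefix=ADMIN_PREFIX):
    # Match on a path-segment boundary so that a sibling route such as
    # /administrator does not inherit the exemption.
    return path == prefix or path.startswith(prefix + "/")


class ScopedCSP:
    """Set CSP on every response except those under the admin prefix."""

    def __init__(self, app, policy=DEFAULT_CSP):
        self.app = app
        self.policy = policy

    def __call__(self, environ, start_response):
        exempt = is_admin_path(environ.get("PATH_INFO", ""))

        def patched_start(status, headers, exc_info=None):
            # Drop any CSP header set upstream, then re-add it unless exempt.
            headers = [(k, v) for k, v in headers if k.lower() not in CSP_HEADERS]
            if not exempt:
                headers.append(("Content-Security-Policy", self.policy))
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start)


def demo_app(environ, start_response):
    # Constructed stand-in for the real application.
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"<form>...</form>"]


def csp_for(path, app=None):
    """Return the CSP header value served for `path`, or None if absent."""
    app = app or ScopedCSP(demo_app)
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)  # fills in the remaining WSGI keys
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})

    b"".join(app(environ, start_response))
    return captured.get("content-security-policy")
```

A check like `csp_for` fits in a regression test, so the exemption cannot silently widen beyond the admin views.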