add initial content-security-policy #674
philli-m commented Apr 26, 2023
- use django-csp
- add csp for dev to find issues
@goapunk sorry, I restored but now it says it's mine, sent you screenshots of what occurred
* use django-csp
* add csp for dev to find issues

3d90957 to 28279c7
I added some missing bits, but the error on dev came because the CSP here only applies to local testing, therefore it used the strict defaults. Depends on admin
LGTM. But I have a question: why are we adding all of these to dev settings?
Good question, my thought was that this way we can test them locally and find problems quickly. And for prod we need a slightly different one anyway. I guess we could also put it in base and then overwrite it for prod. Any preference?
@goapunk so it's dependent on https://github.com/liqd/admin/pull/605 then?
Yes
Ah ok, thanks for explaining. No, I think it makes sense to leave them in dev then 👍