
Exempt search view from CSP.

Remove google from CSP settings.
pmac committed Jun 6, 2012
1 parent 6cc6c27 commit da3b0e4926e5f6ceceaa6dd1bb91159d79f36ee0
Showing with 3 additions and 19 deletions.
  1. +3 −1 apps/innovate/urls.py
  2. +0 −18 settings.py
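--- a/apps/innovate/urls.py
+++ b/apps/innovate/urls.py
@@ -1,11 +1,13 @@
 from django.conf.urls.defaults import patterns, url
 from django.views.generic.base import TemplateView
+from csp.decorators import csp_exempt
+
 urlpatterns = patterns('',
 url(r'^/?$', 'innovate.views.splash', name='innovate_splash'),
 url(r'^about/$', 'innovate.views.about', name='innovate_about'),
 url(r'^search/$',
- TemplateView.as_view(template_name='innovate/search.html'),
+ csp_exempt(TemplateView.as_view(template_name='innovate/search.html')),
 name='innovate_search'),
 )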
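Review bot: Wrapping the search route in `csp_exempt` removes the Content-Security-Policy header from that page entirely, so the view that presumably renders a user-supplied query (and, judging by the commit message, loads Google resources) keeps none of the script, frame or style restrictions the rest of the site has. If the installed django-csp version provides per-view decorators such as `csp_update` or `csp_replace`, prefer adding only the Google origins for this view and leaving the remaining directives in force. At minimum, add a comment above the route, e.g. `# CSP disabled: search.html embeds third-party Google scripts; replace with a per-view policy when available`, so the exemption is not mistaken for an oversight or copied to other views.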
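--- a/settings.py
+++ b/settings.py
@@ -370,25 +370,17 @@ def JINJA_CONFIG():
 'https://www.mozilla.org',
 'http://statse.webtrendslive.com',
 'https://statse.webtrendslive.com',
- 'http://*.google.com',
- 'https://*.google.com',
- 'http://*.googleapis.com',
- 'https://*.googleapis.com',
 'data:',
 )
 CSP_STYLE_SRC = (
 "'self'",
 'http://www.mozilla.org',
 'https://www.mozilla.org',
- 'http://*.google.com',
- 'https://*.google.com',
 )
 CSP_FONT_SRC = (
 "'self'",
 'http://www.mozilla.org',
 'https://www.mozilla.org',
- 'http://*.google.com',
- 'https://*.google.com',
 )
 CSP_SCRIPT_SRC = (
 "'self'",
@@ -398,17 +390,7 @@ def JINJA_CONFIG():
 'https://www.mozilla.org',
 'http://statse.webtrendslive.com',
 'https://statse.webtrendslive.com',
- 'http://*.google.com',
- 'https://*.google.com',
- 'http://*.googleapis.com',
- 'https://*.googleapis.com',
-)
-CSP_FRAME_SRC = (
- "'self'",
- 'http://*.google.com',
- 'https://*.google.com',
 )
 CSP_OPTIONS = (
 'eval-script',
- 'inline-script',
 )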
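Review bot: The source lists left after this cleanup still accept plain `http://` origins (`http://www.mozilla.org`, `http://statse.webtrendslive.com`), including in what appears to be `CSP_SCRIPT_SRC` at the top of the second hunk, so content fetched over an unencrypted connection to those hosts is still trusted by the policy. Consider dropping the `http://` variants and keeping only the `https://` entries. `CSP_OPTIONS` also retains `'eval-script'` while `'inline-script'` is removed; a short comment such as `# eval-script still required by <component>; remove once it no longer needs eval` would tell a later reviewer when it can go. The tuples start and end outside the visible hunks, so the directive each entry belongs to should be confirmed against the full file.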
