Allow static_url domain in prod

2019-11-13 17:01:06 -05:00 · 2019-11-13 17:01:06 -05:00 · 4c5a4f29b8
commit 4c5a4f29b8
parent c10aedd4dc
1 changed files with 3 additions and 1 deletions
--- a/atst/app.py
+++ b/atst/app.py
@ -127,6 +127,8 @@ def make_flask_callbacks(app):


 def set_default_headers(app):  # pragma: no cover
+    static_url = app.config.get("STATIC_URL")
+
    @app.after_request
    def _set_security_headers(response):
        response.headers[
@ -143,7 +145,7 @@ def set_default_headers(app):  # pragma: no cover
        else:
            response.headers[
                "Content-Security-Policy"
-            ] = "default-src 'self' 'unsafe-eval' 'unsafe-inline'"
+            ] = f"default-src 'self' 'unsafe-eval' 'unsafe-inline' {static_url}"

        return response