pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add BLOB_STORAGE_URL config

Browse Source 
Our content security policy in non-dev environments didn't allow uploading to azure blob storage. This adds a configurable blob storage base URL to allow regions to specify which storage endpoint they expect the upload request to use.
This commit is contained in:
tomdds
2019-11-22 11:56:27 -05:00
parent 5cc032b655
commit 4df68bab23
3 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
atst/app.py
View File

@@ -128,6 +128,7 @@ def make_flask_callbacks(app):
def set_default_headers(app): # pragma: no cover
static_url = app.config.get("STATIC_URL")
blob_storage_url = app.config.get("BLOB_STORAGE_URL")
@app.after_request
def _set_security_headers(response):
@@ -146,7 +147,7 @@ def set_default_headers(app): # pragma: no cover
else:
response.headers[
"Content-Security-Policy"
] = f"default-src 'self' 'unsafe-eval' 'unsafe-inline' {static_url}"
] = f"default-src 'self' 'unsafe-eval' 'unsafe-inline' {blob_storage_url} {static_url}"
return response