pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #505 from dod-ccpo/unsafe-inline-svg

Browse Source 
Add ‘unsafe-inline’ to headers to fix rendering svgs
This commit is contained in:
George Drummond 2018-12-19 11:18:08 -05:00 committed by GitHub
commit 5fd2fc3558
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
atst/app.py
View File

@ -105,11 +105,11 @@ def set_default_headers(app): # pragma: no cover
if ENV == "dev":
response.headers[
"Content-Security-Policy"
] = "default-src 'self' 'unsafe-eval'; connect-src *"
] = "default-src 'self' 'unsafe-eval' 'unsafe-inline'; connect-src *"
else:
response.headers[
"Content-Security-Policy"
] = "default-src 'self' 'unsafe-eval'"
] = "default-src 'self' 'unsafe-eval' 'unsafe-inline'"
return response