diff --git a/app/__init__.py b/app/__init__.py
index 2ae627f10..f1c1d5fe4 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -145,6 +145,7 @@ def _csp(config):
"frame-src": [
"https://www.youtube.com",
"https://www.youtube-nocookie.com",
+ "https://www.googletagmanager.com",
],
"frame-ancestors": "'none'",
"form-action": "'self'",
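Review bot: The new `https://www.googletagmanager.com` entry in `frame-src` has no comment saying which feature needs it, so a later reader cannot tell when it is safe to remove. `frame-src` only governs what the page may embed in frames, so this presumably covers the Tag Manager noscript iframe. A comment above the entry, such as `# GTM <noscript> iframe fallback; remove together with the tag`, would record that and help keep the third-party allowlist minimal. `_csp` starts and ends outside the hunk, so the other directives are not visible here.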
@@ -169,6 +170,11 @@ def _csp(config):
def create_app(application):
+ @application.after_request
+ def add_csp_header(response):
+ existing_csp = response.headers.get("Content-Security-Policy", "")
+ response.headers["Content-Security-Policy"] = existing_csp + "; form-action 'self';"
+ return response
# @application.context_processor
# def inject_feature_flags():
# this is where feature flags can be easily added as a dictionary within context
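Review bot: The `form-action 'self'` appended by `add_csp_header` repeats a directive that the `_csp` dict in the first hunk already declares. Assuming that dict produces the response header, browsers ignore a repeated directive within one policy, so the hook changes nothing on responses that already carry a policy. On a response with no existing header the value becomes `; form-action 'self';`, which has a leading empty directive and restricts form targets only, yet reads as if the response had CSP coverage. If the hook is meant as a fallback, guard it with `if "form-action" not in existing_csp:` and build the value as `"; ".join(filter(None, [existing_csp.rstrip("; "), "form-action 'self'"]))`. `create_app` continues outside the hunk, so where the main policy is attached is not visible here.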
diff --git a/app/assets/sass/uswds/_legacy-styles.scss b/app/assets/sass/uswds/_legacy-styles.scss
index 4af2cc6f6..71fc58e4f 100644
--- a/app/assets/sass/uswds/_legacy-styles.scss
+++ b/app/assets/sass/uswds/_legacy-styles.scss
@@ -49,12 +49,12 @@
}
.sms-message-sender, .sms-message-file-name, .sms-message-scheduler, .sms-message-template, .sms-message-sender {
- margin:0.25rem 0 0;
+ margin: units(0.5) 0 0;
}
.sms-message-recipient {
color: color('gray-cool-90');
- margin: units(1) 0 units(1);
+ margin: units(0.5) 0 units(2);
}
.sms-message-status {
diff --git a/app/templates/base.html b/app/templates/base.html
index c37937cdb..f482d8f37 100644
--- a/app/templates/base.html
+++ b/app/templates/base.html
@@ -14,7 +14,7 @@
{% block bodyStart %}
{% block extra_javascripts_before_body %}
-
{% endblock %}
{% endblock %}
diff --git a/app/templates/components/file-upload.html b/app/templates/components/file-upload.html
index 27989ee8f..933fb8715 100644
--- a/app/templates/components/file-upload.html
+++ b/app/templates/components/file-upload.html
@@ -29,7 +29,7 @@
'class': 'file-upload-field',
'accept': allowed_file_extensions|format_list_items('.{item}')|join(',')|e
}) }}
-