darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-05 02:42:26 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #71 from alphagov/csp-fonts

Browse Source 
Add content security policy directive to allow loading of base64 encoded
This commit is contained in:
NIcholas Staples
2016-01-13 10:55:42 +00:00
parent d741fecb32 9ce46c19cb
commit a23017e3f5
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/__init__.py
View File

@@ -124,7 +124,7 @@ def useful_headers_after_request(response):
response.headers.add('X-Content-Type-Options', 'nosniff')
response.headers.add('X-XSS-Protection', '1; mode=block')
response.headers.add('Content-Security-Policy',
"default-src 'self' 'unsafe-inline'")
"default-src 'self' 'unsafe-inline'; font-src 'self' data:;") # noqa
return response

2
tests/app/main/views/test_headers.py
View File

@@ -6,4 +6,4 @@ def test_owasp_useful_headers_set(notifications_admin):
assert response.headers['X-Frame-Options'] == 'deny'
assert response.headers['X-Content-Type-Options'] == 'nosniff'
assert response.headers['X-XSS-Protection'] == '1; mode=block'
assert response.headers['Content-Security-Policy'] == "default-src 'self' 'unsafe-inline'" # noqa
assert response.headers['Content-Security-Policy'] == "default-src 'self' 'unsafe-inline'; font-src 'self' data:;" # noqa