Merge pull request #71 from alphagov/csp-fonts

Add content security policy directive to allow loading of base64 encoded
2026-05-05 08:31:00 -04:00 · 2016-01-13 10:55:42 +00:00
parent d741fecb32 9ce46c19cb
commit a23017e3f5
2 changed files with 2 additions and 2 deletions
--- a/app/init.py
+++ b/app/init.py
@@ -124,7 +124,7 @@ def useful_headers_after_request(response):
    response.headers.add('X-Content-Type-Options', 'nosniff')
    response.headers.add('X-XSS-Protection', '1; mode=block')
    response.headers.add('Content-Security-Policy',
-                         "default-src 'self' 'unsafe-inline'")
+                         "default-src 'self' 'unsafe-inline'; font-src 'self' data:;")  # noqa
    return response