darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-05-05 16:38:59 -04:00
Code Issues Packages Projects Releases Wiki Activity

appending api hosted urls to append to csp to allow for connections

Browse Source
This commit is contained in:
Beverly Nguyen
2025-04-29 11:59:06 -07:00
parent b78a430ef9
commit b468620ead
1 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app/__init__.py
View File

@@ -141,7 +141,9 @@ navigation = {
def _csp(config):
asset_domain = config["ASSET_DOMAIN"]
logo_domain = config["LOGO_CDN_DOMAIN"]
return {
api_host_name = os.getenv('API_HOST_NAME')
csp = {
"default-src": ["'self'", asset_domain],
"frame-src": [
"https://www.youtube.com",
@@ -165,13 +167,21 @@ def _csp(config):
"'self'",
"https://gov-bam.nr-data.net",
"https://www.google-analytics.com",
"http://localhost:6011",
"ws://localhost:6011",
],
"style-src": ["'self'", asset_domain],
"img-src": ["'self'", asset_domain, logo_domain],
}
if api_host_name:
csp["connect-src"].append(api_host_name)
# this is for web socket
if api_host_name.startswith("http://"):
ws_url = api_host_name.replace("http://", "ws://")
csp["connect-src"].append(ws_url)
elif api_host_name.startswith("https://"):
ws_url = api_host_name.replace("https://", "wss://")
csp["connect-src"].append(ws_url)
return csp
def create_app(application):
@application.after_request