Fixed security issue and noscript iframe

This commit is contained in:
alexjanousekGSA
2025-04-07 14:45:28 -04:00
parent 82934daa02
commit b5675e586e
3 changed files with 27 additions and 173 deletions

View File

@@ -169,6 +169,10 @@ def _csp(config):
def create_app(application):
@application.after_request
def add_csp_header(response):
response.headers['Content-Security-Policy'] = "frame-src https://www.googletagmanager.com"
return response
# @application.context_processor
# def inject_feature_flags():
# this is where feature flags can be easily added as a dictionary within context

View File

@@ -14,7 +14,7 @@
<script nonce="{{ csp_nonce() }}">document.body.className = ((document.body.className) ? document.body.className + ' js-enabled' : 'js-enabled');</script>
{% block bodyStart %}
{% block extra_javascripts_before_body %}
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-WX5NGWF"
<noscript><iframe sandbox src="https://www.googletagmanager.com/ns.html?id=GTM-WX5NGWF"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
{% endblock %}
{% endblock %}

194
poetry.lock generated

File diff suppressed because it is too large Load Diff