From f31170f5a29dfa4574ad3335d0c406d15a2c6b9c Mon Sep 17 00:00:00 2001 From: Chris Hill-Scott Date: Fri, 30 Sep 2016 09:23:00 +0100 Subject: [PATCH] Remove Google Analytics MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reverts https://github.com/alphagov/notifications-admin/pull/306 We’re not looking at the data from Analytics, so shouldn’t be collecting it just in case. Brought to you by the fun police. --- app/__init__.py | 4 ++-- app/templates/admin_template.html | 8 -------- tests/app/main/views/test_headers.py | 4 ++-- 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/app/__init__.py b/app/__init__.py index 17b5a4595..5b2c31e6d 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -359,10 +359,10 @@ def useful_headers_after_request(response): response.headers.add('X-XSS-Protection', '1; mode=block') response.headers.add('Content-Security-Policy', ( "default-src 'self' 'unsafe-inline';" - "script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' data:;" + "script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;" "object-src 'self';" "font-src 'self' data:;" - "img-src 'self' *.google-analytics.com *.notifications.service.gov.uk data:;" + "img-src 'self' *.notifications.service.gov.uk data:;" )) if 'Cache-Control' in response.headers: del response.headers['Cache-Control'] diff --git a/app/templates/admin_template.html b/app/templates/admin_template.html index aa57f52d5..08f4587b5 100644 --- a/app/templates/admin_template.html +++ b/app/templates/admin_template.html @@ -129,12 +129,4 @@ {% block body_end %} - {% endblock %} diff --git a/tests/app/main/views/test_headers.py b/tests/app/main/views/test_headers.py index 9f4ec9b80..8bf3d9d99 100644 --- a/tests/app/main/views/test_headers.py +++ b/tests/app/main/views/test_headers.py @@ -8,8 +8,8 @@ def test_owasp_useful_headers_set(app_): assert response.headers['X-XSS-Protection'] == '1; mode=block' assert response.headers['Content-Security-Policy'] == ( "default-src 'self' 'unsafe-inline';" - "script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' data:;" + "script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;" "object-src 'self';" "font-src 'self' data:;" - "img-src 'self' *.google-analytics.com *.notifications.service.gov.uk data:;" + "img-src 'self' *.notifications.service.gov.uk data:;" )