author | Jelle van der Waa <jelle@archlinux.org> | 2019-02-24 17:14:17 +0100 |
---|---|---|
committer | Jelle van der Waa <jelle@archlinux.org> | 2019-02-24 17:14:17 +0100 |
commit | aae6e43fccada4883bd2630a2c33666d3461f08e (patch) | |
tree | d9b3ba0684c5a4195904c758f197288bd6db0f0a | |
parent | b737f2b4c393a3a4ff352573e1accdd17e3aa67a (diff) |
Add base-uri and frame-ancestors to CSPrelease_2019-02-24
The archweb website contains no <base> elements so this can be
disallowed. Also, frame-ancestors is set to the same value as
X-Frame-Options.
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
-rw-r--r-- | settings.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/settings.py b/settings.py
index 17377c25..8d06b326 100644
--- a/settings.py
+++ b/settings.py
@@ -98,6 +98,8 @@ CSP_DEFAULT_SRC = ("'self'",)
 CSP_SCRIPT_SRC = ("'self'",)
 CSP_INCLUDE_NONCE_IN = ['script-src']
 CSP_IMG_SRC = ("'self'", 'data:',)
+CSP_BASE_URI = ("'none'",)
+CSP_FRAME_ANCESTORS = ("'none'",)
 # Use new test runner
 TEST_RUNNER = 'django.test.runner.DiscoverRunner'
|
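Review bot: The two added lines, `CSP_BASE_URI` and `CSP_FRAME_ANCESTORS`, carry no comment recording why they are set explicitly or that the second is meant to mirror X-Frame-Options; the commit message says so, but settings.py does not. Neither directive falls back to `default-src`, and browsers that honour `frame-ancestors` apply it in preference to X-Frame-Options, so a later change to one without the other would diverge silently. I would add above them `# base-uri and frame-ancestors do not inherit from default-src; keep frame-ancestors in sync with the X-Frame-Options setting`. `form-action` is likewise outside the `default-src` fallback and is not set in the visible lines; if it is not set elsewhere in the file, `CSP_FORM_ACTION = ("'self'",)` is worth considering once it is confirmed that no form posts to another origin.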