CSP - Upstream Patch (#239)
* Remove 32bit

Docker does not support 32bit anymore.

* Fix CSP mistake from 6 years ago.

https://content-security-policy.com/unsafe-inline/

* CSP Vun oversight fix
DarrenOfficial authored Nov 17, 2023
1 parent 6856572 commit 2ed25cc
Showing 2 changed files with 4 additions and 3 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/docker.yml
Expand Up @@ -59,6 +59,6 @@ jobs:
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/i386
platforms: linux/amd64,linux/arm64,linux/ppc64le
push: true
tags: ${{ steps.prep.outputs.tags }}
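Review bot: the new platforms line drops linux/i386 with no trace outside the commit message, so anyone pulling the 32-bit image will silently stop receiving updated tags. Mention the removal in the changelog or README. Consider landing this CI change as its own commit rather than bundling it with the CSP change in dpaste/settings/base.py, so the security fix can be backported or reverted independently.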
5 changes: 3 additions & 2 deletions dpaste/settings/base.py
Expand Up @@ -116,8 +116,9 @@
SECURE_CONTENT_TYPE_NOSNIFF = True

CSP_DEFAULT_SRC = ("'none'",)
CSP_SCRIPT_SRC = ("'self'", "'unsafe-inline'")
CSP_STYLE_SRC = ("'self'", "'unsafe-inline'")
# If you edit the CSS/JS update your 256 HASH here.
CSP_SCRIPT_SRC = ("'self'", "'unsafe-hashes'", "'sha256-634c702966ae36dcd81fe7a4c4756413be3b77af4f4a820651faecd1db1ab26a'",)
CSP_STYLE_SRC = ("'self'", "'unsafe-hashes'", "'sha256-7ac9cd7ab2811dac84cdc031d0acf0f355a2ab619f633b857f6db5b4c2b45361'")

LOGGING = {
"version": 1,
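Review bot: the two sha256- sources in the new CSP_SCRIPT_SRC and CSP_STYLE_SRC are 64-character hex strings, but a CSP hash source takes the base64 encoding of the digest (44 characters for SHA-256, ending in "="), so as written they will not match any inline script or style and browsers will block that inline content. Re-encode both digests as base64. Also, 'unsafe-hashes' is only needed when a hash is meant to cover an inline event handler or a style attribute; if the hashed content is a script or style element, drop it so the policy is not wider than necessary. The comment "If you edit the CSS/JS update your 256 HASH here." should say which inline block each hash covers and how to regenerate it, and the trailing comma is inconsistent between the two tuples.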