almet/ihatemoney
1
0
Fork 0
mirror of https://github.com/spiral-project/ihatemoney.git synced 2025-05-05 04:31:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow more elements with CSP

Browse source 
Ultimately, we should get rid of inline style
For image in data: scheme, I think it's OK for now
Fixes #1055
This commit is contained in:
Glandos 2022-08-28 11:37:31 +02:00
parent 08defaea8f
commit 9dafe8034e
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ihatemoney/run.py
View file

@ -144,6 +144,8 @@ def create_app(
# We have several inline javascript scripts :(
"script-src": ["'self'", "'unsafe-inline'"],
"object-src": "'none'",
"img-src": ["'self'", "data:"],
"style-src": ["'self'", "'unsafe-inline'"]
}
Talisman(