caryoscelus
GitHub
commit
9754a3819c
1 changed files with 2 additions and 12 deletions
|
|
@ -318,16 +318,6 @@ class UiRequest:
|
||||||
else:
|
else:
|
||||||
return referer
|
return referer
|
||||||
|
|
||||||
def isScriptNonceSupported(self):
|
|
||||||
user_agent = self.env.get("HTTP_USER_AGENT")
|
|
||||||
if "Edge/" in user_agent:
|
|
||||||
is_script_nonce_supported = False
|
|
||||||
elif "Safari/" in user_agent and "Chrome/" not in user_agent:
|
|
||||||
is_script_nonce_supported = False
|
|
||||||
else:
|
|
||||||
is_script_nonce_supported = True
|
|
||||||
return is_script_nonce_supported
|
|
||||||
|
|
||||||
def getRequestSite(self):
|
def getRequestSite(self):
|
||||||
"""Return 0net site addr associated with current request
|
"""Return 0net site addr associated with current request
|
||||||
|
|
||||||
|
|
@ -356,8 +346,8 @@ class UiRequest:
|
||||||
|
|
||||||
if noscript:
|
if noscript:
|
||||||
headers["Content-Security-Policy"] = "default-src 'none'; sandbox allow-top-navigation allow-forms; img-src *; font-src * data:; media-src *; style-src * 'unsafe-inline';"
|
headers["Content-Security-Policy"] = "default-src 'none'; sandbox allow-top-navigation allow-forms; img-src *; font-src * data:; media-src *; style-src * 'unsafe-inline';"
|
||||||
elif script_nonce and self.isScriptNonceSupported():
|
elif script_nonce:
|
||||||
headers["Content-Security-Policy"] = f"default-src 'none'; script-src 'nonce-{script_nonce}'; img-src 'self' blob: data:; style-src 'self' blob: 'unsafe-inline'; connect-src *; frame-src 'self' blob:"
|
headers["Content-Security-Policy"] = "default-src 'none'; script-src 'nonce-{0}'; img-src 'self' blob: data:; style-src 'self' blob: 'unsafe-inline'; connect-src *; frame-src 'self' blob:".format(script_nonce)
|
||||||
|
|
||||||
if allow_ajax:
|
if allow_ajax:
|
||||||
headers["Access-Control-Allow-Origin"] = "null"
|
headers["Access-Control-Allow-Origin"] = "null"
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue