From 2de580306b248eb27b0273e699ae9fef38829f21 Mon Sep 17 00:00:00 2001
From: Julen Landa Alustiza <jlanda@fedoraproject.org>
Date: Wed, 21 Aug 2019 16:59:26 +0200
Subject: [PATCH] dist-git: Custom csp policy that allows connecting to
 apps.fp.o

---
 roles/distgit/pagure/templates/pagure.cfg | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/roles/distgit/pagure/templates/pagure.cfg b/roles/distgit/pagure/templates/pagure.cfg
index f3dd2c466a..0aa7c77645 100644
--- a/roles/distgit/pagure/templates/pagure.cfg
+++ b/roles/distgit/pagure/templates/pagure.cfg
@@ -296,4 +296,13 @@ PROJECT_NAME_REGEX = '^[a-zA-z0-9_][a-zA-Z0-9-_\.+]*$'
 
 HTTP_REPO_ACCESS_GITOLITE = None
 
+CSP_HEADERS = (
+    "default-src 'self';"
+    "script-src 'self' '{nonce_script}' https://apps.fedoraproject.org; "
+    "style-src 'self' '{nonce_style}'; "
+    "object-src 'none';"
+    "base-uri 'self';"
+    "img-src 'self' https:;"
+)
+
 {% include "pagure_shared.cfg" %}