pagure: tune csp headers on stg

2019-08-01 08:05:59 +02:00 · 2019-08-01 08:05:59 +02:00 · f362dc6717
commit f362dc6717
parent 963ff9586b
1 changed files with 14 additions and 0 deletions
--- a/roles/pagure/frontend/templates/pagure.cfg
+++ b/roles/pagure/frontend/templates/pagure.cfg
@ -367,3 +367,17 @@ REPOSPANNER_REGIONS = {

 GIT_AUTH_BACKEND = 'pagure'
 HTTP_REPO_ACCESS_GITOLITE = None
+
+{% if env == 'pagure-staging' %}
+CSP_HEADERS = (
+    "default-src 'self';"
+    "script-src 'self' '{nonce_script}'; "
+    "style-src 'self' '{nonce_style}'; "
+    "object-src 'none';"
+    "base-uri 'self';"
+    "img-src 'self' https:;"
+    "connect-src 'self' https://stg.pagure.io:8088;"
+    "frame-src https://docs.stg.pagure.org;"
+    "frame-ancestors https://stg.pagure.io;"
+)
+{% endif %}