From 2ed25cc843b88dc2e0d14099221fe16d6daf52fd Mon Sep 17 00:00:00 2001
From: Darren Nathanael
Date: Fri, 17 Nov 2023 10:00:00 -0600
Subject: [PATCH] CSP - Upstream Patch (#239)
* Remove 32bit Docker does not support 32bit anymore. * Fix CSP mistake from 6 years ago. https://content-security-policy.com/unsafe-inline/ * CSP Vun oversight fix
---
 .github/workflows/docker.yml | 2 +-
 dpaste/settings/base.py | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index cb32de6..a804cdb 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -59,6 +59,6 @@ jobs:
 builder: ${{ steps.buildx.outputs.name }}
 context: .
 file: ./Dockerfile
- platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/i386
+ platforms: linux/amd64,linux/arm64,linux/ppc64le
 push: true
 tags: ${{ steps.prep.outputs.tags }}
diff --git a/dpaste/settings/base.py b/dpaste/settings/base.py
index 3b61056..13a5019 100644
--- a/dpaste/settings/base.py
+++ b/dpaste/settings/base.py
@@ -116,8 +116,9 @@ SECURE_BROWSER_XSS_FILTER = True
 SECURE_CONTENT_TYPE_NOSNIFF = True
 CSP_DEFAULT_SRC = ("'none'",)
-CSP_SCRIPT_SRC = ("'self'", "'unsafe-inline'")
-CSP_STYLE_SRC = ("'self'", "'unsafe-inline'")
+# If you edit the CSS/JS update your 256 HASH here.
+CSP_SCRIPT_SRC = ("'self'", "'unsafe-hashes'", "'sha256-634c702966ae36dcd81fe7a4c4756413be3b77af4f4a820651faecd1db1ab26a'",)
+CSP_STYLE_SRC = ("'self'", "'unsafe-hashes'", "'sha256-7ac9cd7ab2811dac84cdc031d0acf0f355a2ab619f633b857f6db5b4c2b45361'")
 LOGGING = {
     "version": 1,
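Review bot: The two hash sources added to CSP_SCRIPT_SRC and CSP_STYLE_SRC are hex digests (64 hex characters each), but a CSP hash-source carries the base64 encoding of the digest (44 characters for SHA-256, ending in `=`), so as written neither value can ever match and whatever inline code they are meant to allow stays blocked under `CSP_DEFAULT_SRC = ("'none'",)`. Regenerate them as `'sha256-<BASE64_DIGEST>'` (for example `openssl dgst -sha256 -binary inline.js | openssl base64 -A` over the exact inline text, whitespace included) and make the comment say what is being hashed: `# CSP hashes are the base64 (not hex) SHA-256 of the exact inline <script>/<style> text; regenerate whenever that inline code changes.` `'unsafe-hashes'` only extends hash matching to inline event handlers and style attributes; if the hashes cover `<script>`/`<style>` elements it can be dropped, but the templates are not in the diff, so confirm which case applies. The two tuples also differ in trailing-comma style (`...',)` vs `...'`); pick one.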