CSP - Upstream Patch (#239)

* Remove 32bit

Docker does not support 32bit anymore.

* Fix CSP mistake from 6 years ago.

https://content-security-policy.com/unsafe-inline/

* CSP Vun oversight fix
This commit is contained in:
Darren Nathanael 2023-11-17 10:00:00 -06:00 committed by GitHub
parent 6856572a5d
commit 2ed25cc843
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 3 deletions

View file

@ -59,6 +59,6 @@ jobs:
builder: ${{ steps.buildx.outputs.name }} builder: ${{ steps.buildx.outputs.name }}
context: . context: .
file: ./Dockerfile file: ./Dockerfile
platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/i386 platforms: linux/amd64,linux/arm64,linux/ppc64le
push: true push: true
tags: ${{ steps.prep.outputs.tags }} tags: ${{ steps.prep.outputs.tags }}

View file

@ -116,8 +116,9 @@ SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True SECURE_CONTENT_TYPE_NOSNIFF = True
CSP_DEFAULT_SRC = ("'none'",) CSP_DEFAULT_SRC = ("'none'",)
CSP_SCRIPT_SRC = ("'self'", "'unsafe-inline'") # If you edit the CSS/JS update your 256 HASH here.
CSP_STYLE_SRC = ("'self'", "'unsafe-inline'") CSP_SCRIPT_SRC = ("'self'", "'unsafe-hashes'", "'sha256-634c702966ae36dcd81fe7a4c4756413be3b77af4f4a820651faecd1db1ab26a'",)
CSP_STYLE_SRC = ("'self'", "'unsafe-hashes'", "'sha256-7ac9cd7ab2811dac84cdc031d0acf0f355a2ab619f633b857f6db5b4c2b45361'")
LOGGING = { LOGGING = {
"version": 1, "version": 1,