This is an automated email from the ASF dual-hosted git repository.

gcruz pushed a commit to branch gc/8470
in repository https://gitbox.apache.org/repos/asf/allura.git


The following commit(s) were added to refs/heads/gc/8470 by this push:
     new d07de21e8 fixup! fixup! fixup! [#8470] added default csp headers and 
configurable options to add additional frame-src and form-action
d07de21e8 is described below

commit d07de21e8d7b4bda444c66769b12a3a6d7e600da
Author: Guillermo Cruz <[email protected]>
AuthorDate: Wed Oct 5 10:22:25 2022 -0600

    fixup! fixup! fixup! [#8470] added default csp headers and configurable 
options to add additional frame-src and form-action
---
 Allura/allura/lib/custom_middleware.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Allura/allura/lib/custom_middleware.py 
b/Allura/allura/lib/custom_middleware.py
index a713bc0e7..7a02ef7e0 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -474,7 +474,7 @@ class ContentSecurityPolicyMiddleware:
             resp.headers.add('Content-Security-Policy', 
'upgrade-insecure-requests')
         if g.csp_report_mode and g.csp_report_uri:
             report_suffix = '-Report-Only'
-            report_uri = f'; report-uri {g.csp_report_uri}'
+            report_uri = f'; report-uri {g.csp_report_uri}; report-to 
{g.csp_report_uri}'
         if g.csp_frame_sources:
             resp.headers.add(f'Content-Security-Policy{report_suffix}', 
f"frame-src 'self' {' '.join(g.csp_frame_sources)}{report_uri}")
         if g.csp_form_action_urls:
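Review bot: On the added `report_uri = f'; report-uri {g.csp_report_uri}; report-to {g.csp_report_uri}'` line, `report-to` is given the same URL as `report-uri`, but the CSP `report-to` directive takes the name of a reporting endpoint group, not a URL. A browser will not match the URL string to any declared endpoint, so the directive as written has no effect. Suggest declaring a named endpoint that points at `g.csp_report_uri` in a `Reporting-Endpoints` (or `Report-To`) response header set by this middleware, and referencing that name after `report-to`, while keeping `report-uri` as the fallback for browsers without Reporting API support. Since `{report_uri}` is appended to the `frame-src` header below, a test asserting the full emitted header value in report mode would catch this kind of mistake.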
