exclude /api from CSP??
KevinMind committed Mar 10, 2025
1 parent 17a800a commit 51b5ac7
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions src/olympia/lib/settings_base.py
Expand Up @@ -1079,7 +1079,7 @@ def get_db_config(environ_var, atomic_requests=True):

CSP_REPORT_URI = '/__cspreport__'
CSP_REPORT_ONLY = False
CSP_EXCLUDE_URL_PREFIXES = ()
CSP_EXCLUDE_URL_PREFIXES = ('/api',)

# NOTE: CSP_DEFAULT_SRC MUST be set otherwise things not set
# will default to being open to anything.
Expand Down Expand Up @@ -1110,7 +1110,6 @@ def get_db_config(environ_var, atomic_requests=True):
CSP_OBJECT_SRC = ("'none'",)

CSP_SCRIPT_SRC = (
"'self'",
GOOGLE_ANALYTICS_HOST,
GOOGLE_TAGMANAGER_HOST,
'https://www.recaptcha.net/recaptcha/',
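Review bot: The new `CSP_EXCLUDE_URL_PREFIXES = ('/api',)` switches the policy off for every path that begins with `/api`, which is wider than the API itself and is left unexplained in the settings file. Assuming this is the django-csp setting, the match is a plain string prefix on the request path, so a path such as `/api-anything` is exempted as well, and any response under the prefix that a browser renders as HTML (an error page, a browsable API view) is served with no CSP header and therefore no violation reports to `CSP_REPORT_URI`. If the exemption is needed, the narrower `CSP_EXCLUDE_URL_PREFIXES = ('/api/',)` with a comment such as `# API responses are not rendered as pages; CSP skipped here because (reason)` keeps both the scope and the intent reviewable. The second hunk removes one entry from `CSP_SCRIPT_SRC`, but this rendering does not show which one, so that change should be checked against the raw diff.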
