From ec498e62b9b6f322045669d1d736e00b3bccc5d0 Mon Sep 17 00:00:00 2001
From: Tim Fechner <tim.fechner@hs-hannover.de>
Date: Fri, 26 Aug 2016 08:35:44 +0200
Subject: [PATCH] Add proper Content Security Policy for websockets

---
 salt_observer/templates/_layout/base.html | 1 +
 salt_observer/templates/events.html       | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/salt_observer/templates/_layout/base.html b/salt_observer/templates/_layout/base.html
index c2768ae..5a8a3e0 100644
--- a/salt_observer/templates/_layout/base.html
+++ b/salt_observer/templates/_layout/base.html
@@ -4,6 +4,7 @@
 <html>
     <head>
         <meta charset="utf-8">
+        {% block meta-extra %}{% endblock %}
 
         <title>{% block title-extra %}{% endblock %} | Salt-Observer</title>
 
diff --git a/salt_observer/templates/events.html b/salt_observer/templates/events.html
index b6be4c5..4faa463 100644
--- a/salt_observer/templates/events.html
+++ b/salt_observer/templates/events.html
@@ -5,6 +5,10 @@
 {% block nav-events %}class="active"{% endblock %}
 {% block title-extra %}Events{% endblock %}
 
+{% block meta-extra %}
+    <meta http-equiv="Content-Security-Policy" content="connect-src *">
+{% endblock %}
+
 {% block post-script %}
     <script>
         var token = "{{ request.session.salt_tornado_token }}";
-- 
GitLab