From ec498e62b9b6f322045669d1d736e00b3bccc5d0 Mon Sep 17 00:00:00 2001 From: Tim Fechner <tim.fechner@hs-hannover.de> Date: Fri, 26 Aug 2016 08:35:44 +0200 Subject: [PATCH] Add proper Content Security Policy for websockets --- salt_observer/templates/_layout/base.html | 1 + salt_observer/templates/events.html | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/salt_observer/templates/_layout/base.html b/salt_observer/templates/_layout/base.html index c2768ae..5a8a3e0 100644 --- a/salt_observer/templates/_layout/base.html +++ b/salt_observer/templates/_layout/base.html @@ -4,6 +4,7 @@ <html> <head> <meta charset="utf-8"> + {% block meta-extra %}{% endblock %} <title>{% block title-extra %}{% endblock %} | Salt-Observer</title> diff --git a/salt_observer/templates/events.html b/salt_observer/templates/events.html index b6be4c5..4faa463 100644 --- a/salt_observer/templates/events.html +++ b/salt_observer/templates/events.html @@ -5,6 +5,10 @@ {% block nav-events %}class="active"{% endblock %} {% block title-extra %}Events{% endblock %} +{% block meta-extra %} + <meta http-equiv="Content-Security-Policy" content="connect-src *"> +{% endblock %} + {% block post-script %} <script> var token = "{{ request.session.salt_tornado_token }}"; -- GitLab