Added TODO

nemo 2023-11-03 12:24:37 +01:00
parent 93bcbc02d4
commit 016f73e02b


@ -90,6 +90,12 @@ MIDDLEWARE = [
]
# Content Security Policy - External Urls for scripts, styles, and images should be included here
#TODO these outside scripts should really just be loaded when we run "manage.py collectstatic"
# Or the whole static folder could be uploaded to github, this prevents API manager breaking when
# we run it on a server that may not connect to these sites
#TODO inline script and style attributes should be modified in the template base.html so that they
# are no longer inline, this allows us to remove the 'unsafe-inline' policy.
CSP_IMG_SRC = ("'self'", 'https://static.openbankproject.com')
CSP_STYLE_SRC = ("'self'", "'unsafe-inline'",'https://cdnjs.cloudflare.com') #Change 'unsafe-inline' later to use Nonces