Nice.

2025-06-14 12:53:40 +02:00 · 2025-06-14 12:53:40 +02:00 · 6a905c1948
commit 6a905c1948
parent bf576bc0e3
1 changed files with 6 additions and 7 deletions
--- a/src/snek/system/middleware.py
+++ b/src/snek/system/middleware.py
@ -7,21 +7,20 @@ from aiohttp import web

@web.middleware
 async def csp_middleware(request, handler):
-    nonce = str(secrets.token_hex(16))
-    print("Nonce:", nonce)
+    nonce = secrets.token_hex(16)
    csp_policy = (
        "default-src 'self'; "
        f"script-src 'self' https://umami.molodetz.nl 'nonce-{nonce}'; "
        "style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; "
-        "img-src 'self' data: https://umodetz.nl; "
-        "connect-src 'self' https://umodetz.nl; "
-        "font-src 'self' data:; "
+        "img-src *; "
+        "connect-src 'self' https://umami.molodetz.nl; "
+        "font-src *; "
        "object-src 'none'; "
        "base-uri 'self'; "
        "form-action 'self'; "
        "frame-src 'self'; "
-        "worker-src 'self'; "
-        "media-src 'self'; "
+        "worker-src *; "
+        "media-src *; "
        "manifest-src 'self';"
    )
    request['csp_nonce'] = nonce