retoor 2025-06-14 12:53:40 +02:00
parent bf576bc0e3
commit 6a905c1948


@ -7,21 +7,20 @@ from aiohttp import web
@web.middleware
async def csp_middleware(request, handler):
nonce = str(secrets.token_hex(16))
print("Nonce:", nonce)
nonce = secrets.token_hex(16)
csp_policy = (
"default-src 'self'; "
f"script-src 'self' https://umami.molodetz.nl 'nonce-{nonce}'; "
"style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; "
"img-src 'self' data: https://umodetz.nl; "
"connect-src 'self' https://umodetz.nl; "
"font-src 'self' data:; "
"img-src *; "
"connect-src 'self' https://umami.molodetz.nl; "
"font-src *; "
"object-src 'none'; "
"base-uri 'self'; "
"form-action 'self'; "
"frame-src 'self'; "
"worker-src 'self'; "
"media-src 'self'; "
"worker-src *; "
"media-src *; "
"manifest-src 'self';"
)
request['csp_nonce'] = nonce