cqrenet/aoc
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 29 Wiki Activity

v1.7.13: switch Alpine.js to CSP build, remove unsafe-eval from CSP
All checks were successful
CI / lint-and-test (push) Successful in 24s
Details
Release / build-and-push (push) Successful in 1m19s
Details

Browse Source
This commit is contained in:
Tomas Kracmar
2026-04-27 15:48:22 +02:00
parent 07a841615b
commit 9171cc1c02
4 changed files with 45 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/main.py
View File

@@ -109,7 +109,7 @@ async def security_headers_middleware(request: Request, call_next):
if request.url.path.startswith("/api/") or request.url.path in ("/", "/index.html"):
response.headers["Content-Security-Policy"] = (
"default-src 'self'; "
"script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net alcdn.msauth.net; "
"script-src 'self' 'unsafe-inline' cdn.jsdelivr.net alcdn.msauth.net; "
"style-src 'self' 'unsafe-inline'; "
"connect-src 'self' https://login.microsoftonline.com; "
"frame-src 'self' https://login.microsoftonline.com; "