From f73003afca2b6cc9f48334958068b8f71e084342 Mon Sep 17 00:00:00 2001
From: Cédric Bonhomme <cedric@cedricbonhomme.org>
Date: Sun, 22 Mar 2020 11:24:35 +0100
Subject: Added a way to manage Content Security Policy via the configuration
 file.

---
 instance/production.py | 10 ++++++++++
 instance/sqlite.py     | 10 ++++++++++
 2 files changed, 20 insertions(+)

(limited to 'instance')

diff --git a/instance/production.py b/instance/production.py
index d0aebd7e..05827a56 100644
--- a/instance/production.py
+++ b/instance/production.py
@@ -26,6 +26,16 @@ SQLALCHEMY_DATABASE_URI = "postgres://{user}:{password}@{host}:{port}/{name}".fo
     name=DATABASE_NAME, **DB_CONFIG_DICT
 )
 
+# Security
+CONTENT_SECURITY_POLICY = {
+    'default-src': '\'self\'',
+    'img-src': '*',
+    'media-src': [
+        'youtube.com',
+    ],
+    'script-src': '\'self\''
+}
+
 # Crawler
 CRAWLING_METHOD = "default"
 DEFAULT_MAX_ERROR = 6
diff --git a/instance/sqlite.py b/instance/sqlite.py
index e6065ed3..cec46f48 100644
--- a/instance/sqlite.py
+++ b/instance/sqlite.py
@@ -17,6 +17,16 @@ SECURITY_PASSWORD_SALT = "L8gTsyrpRQEF8jNWQPyvRfv7U5kJkD"
 # Database
 SQLALCHEMY_DATABASE_URI = "sqlite:///newspipe.db"
 
+# Security
+CONTENT_SECURITY_POLICY = {
+    'default-src': '\'self\'',
+    'img-src': '*',
+    'media-src': [
+        'youtube.com',
+    ],
+    'script-src': '\'self\''
+}
+
 # Crawler
 CRAWLING_METHOD = "default"
 DEFAULT_MAX_ERROR = 6
-- 
cgit