nakidai
/
whoogle-search
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove form action from csp 

Restricting form-action to 'self' in the content security policy
prevented Chrome (and likely other browsers) from using !bangs on the
home page.

Fixes #408
main
Ben Busby 2021-08-31 07:57:50 -06:00
parent ad2b2554c1
commit 9f84a8ad83
No known key found for this signature in database
GPG Key ID: 339B7B7EB5333D14
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/__init__.py
View File

@ -75,8 +75,7 @@ app.config['CSP'] = 'default-src \'none\';' \
'style-src \'self\' \'unsafe-inline\';' \ 'style-src \'self\' \'unsafe-inline\';' \
'script-src \'self\';' \ 'script-src \'self\';' \
'media-src \'self\';' \ 'media-src \'self\';' \
'connect-src \'self\';' \ 'connect-src \'self\';'
'form-action \'self\';'
if not os.path.exists(app.config['CONFIG_PATH']): if not os.path.exists(app.config['CONFIG_PATH']):
os.makedirs(app.config['CONFIG_PATH']) os.makedirs(app.config['CONFIG_PATH'])