Commit 0adba647 authored by ale's avatar ale

Allow inline images (data: URLs) in the default CSP

parent e75c067c
...@@ -23,6 +23,10 @@ def init_app(app, talisman): ...@@ -23,6 +23,10 @@ def init_app(app, talisman):
app, app,
frame_options=DENY, frame_options=DENY,
referrer_policy='no-referrer', referrer_policy='no-referrer',
content_security_policy={
'default-src': '\'self\'',
'img-src': ['\'self\'', 'data:'],
},
content_security_policy_report_uri=app.config.get( content_security_policy_report_uri=app.config.get(
'CSP_REPORT_URI', DEFAULT_CSP_REPORT_URI), 'CSP_REPORT_URI', DEFAULT_CSP_REPORT_URI),
force_https=not app.config['TESTING'], force_https=not app.config['TESTING'],
......
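Review bot: The `content_security_policy` dict added to the Talisman call sets only `default-src` and `img-src`, and `default-src` is not a fallback for `base-uri` or `form-action`, so those directives stay unrestricted under this policy. Since the policy is now written out explicitly, I would add `'object-src': '\'none\'',` and `'base-uri': '\'self\'',` next to the two existing keys; whether the library default that this dict replaces already covered them is not visible from the hunk. Keeping `data:` confined to `img-src` is the right scope, and a short comment above that key would stop it from being widened later, e.g. `# data: is allowed for inline images only; never add it to default-src or script-src`. The escaped quotes would also read more easily as `"'self'"`. The body of init_app continues outside the hunk.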