Bryan BRANCOTTE
--- a/src/strass/strass/settings.py

+ 32

− 29
+++ b/src/strass/strass/settings.py

+ 32

− 29
 @@ -251,34 +251,37 @@ FILE_UPLOAD_MAX_MEMORY_SIZE = 10485760  # 10Mo
 @@ -251,34 +251,37 @@ FILE_UPLOAD_MAX_MEMORY_SIZE = 10485760  # 10Mo
 ################################################################################
 # DJANGO CSP, and DJANGO CSP REPORTS
 ################################################################################
-CSP_DEFAULT_SRC = [
-    "'self'",
+CONTENT_SECURITY_POLICY = {
-    "*",
+    'DIRECTIVES': {
-]
+        'default-src': [
-CSP_SCRIPT_SRC = [
+            "'self'",
-    "'self'",
+            '*',
-    "cdn.datatables.net",
+        ],
-    "cdnjs.cloudflare.com",
+        'script-src': [
-    "code.jquery.com",
+            "'self'",
-    "plausible.pasteur.cloud",
+            'cdn.datatables.net',
-    "stackpath.bootstrapcdn.com",
+            'cdnjs.cloudflare.com',
-    "cdn.jsdelivr.net",
+            'code.jquery.com',
-    "www.googletagmanager.com",
+            'plausible.pasteur.cloud',
-    "www.google-analytics.com",
+            'stackpath.bootstrapcdn.com',
-]
+            'cdn.jsdelivr.net',
-CSP_STYLE_SRC = [
+            'www.googletagmanager.com',
-    "'self'",
+            'www.google-analytics.com',
-    "'unsafe-inline'",
+        ],
-    '*',
+        'style-src': [
-]
+            "'self'",
-CSP_IMG_SRC = [
+            "'unsafe-inline'",
-    "'self'",
+            '*',
-    "*",
+        ],
-    "data:",
+        'img-src': [
-]
+            "'self'",
-CSP_EXCLUDE_URL_PREFIXES = (
+            "*",
-    # "/candidate/",
+            "data:",
-)
+        ],
-CSP_REPORT_URI = reverse_lazy('cspmailreports:csp-report')
+        'report-uri': reverse_lazy('cspmailreports:csp-report'),
+    },
+    'EXCLUDE_URL_PREFIXES': (),
+}
 ################################################################################