fix: update csp to resolve cors issues

acdh-oeaw · Dec 4, 2024 · bd260de · bd260de
1 parent 3b93677
commit bd260de
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/apis/settings/biographien.py b/apis/settings/biographien.py
@@ -17,6 +17,38 @@
     "*",
 ]
 
+INSTALLED_APPS += [
+    'csp',
+    # other apps
+]
+
+
+CSP_DEFAULT_SRC = (
+    "'self'",
+    "'unsafe-inline'",
+    "data: 'unsafe-eval'",
+    "cdnjs.cloudflare.com",
+    "cdn.jsdelivr.net",
+    "fonts.googleapis.com",
+    "ajax.googleapis.com",
+    "cdn.rawgit.com",
+    "*.acdh.oeaw.ac.at",
+    "unpkg.com",
+    "fonts.gstatic.com",
+    "cdn.datatables.net",
+    "code.highcharts.com",
+    "*.acdh-dev.oeaw.ac.at",
+    "*.acdh.oeaw.ac.at",
+    "openstreetmap.org",
+    "*.openstreetmap.org",
+    "*.placeholder.com",
+)
+
+CSP_SCRIPT_SRC = CSP_DEFAULT_SRC + (
+    "unpkg.com",
+)
+
+
 DEV_VERSION = os.environ.get("APIS_DEV_VERSION", True)
 
 BIRTH_REL_ID = 595