@@ -48,7 +48,12 b' class AuthenticatedHandler(web.RequestHandler):' | |||||
48 | headers = self.settings.get('headers', {}) |
|
48 | headers = self.settings.get('headers', {}) | |
49 |
|
49 | |||
50 | if "Content-Security-Policy" not in headers: |
|
50 | if "Content-Security-Policy" not in headers: | |
51 |
headers["Content-Security-Policy"] = |
|
51 | headers["Content-Security-Policy"] = ( | |
|
52 | "frame-ancestors 'self'; " | |||
|
53 | # Make sure the report-uri comes out on the base_url | |||
|
54 | "report-uri " + url_path_join(self.base_url, csp_report_uri) + | |||
|
55 | ";" | |||
|
56 | ) | |||
52 |
|
57 | |||
53 | # Allow for overriding headers |
|
58 | # Allow for overriding headers | |
54 | for header_name,value in headers.items() : |
|
59 | for header_name,value in headers.items() : |
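Review bot: The default CSP is written into the dict returned by `self.settings.get('headers', {})`; when a `headers` setting is configured that is the shared application settings object, so the first request's computed `report-uri` value is persisted into configuration rather than acting as a per-request default. `headers = dict(self.settings.get('headers', {}))` keeps the override semantics on the loop below without mutating settings (that assignment sits on a context line above the added block). Separately, `frame-ancestors` is only honored by browsers implementing CSP Level 2; if clickjacking protection is the intent, consider also emitting `X-Frame-Options: SAMEORIGIN` as a fallback unless it is already set elsewhere. The enclosing method starts before this hunk.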
@@ -15,7 +15,7 b' class CSPReportHandler(IPythonHandler):' | |||||
15 | def post(self): |
|
15 | def post(self): | |
16 | '''Log a content security policy violation report''' |
|
16 | '''Log a content security policy violation report''' | |
17 | csp_report = self.get_json_body() |
|
17 | csp_report = self.get_json_body() | |
18 |
self.log. |
|
18 | self.log.warn(csp_report) | |
19 |
|
19 | |||
20 | default_handlers = [ |
|
20 | default_handlers = [ | |
21 | (csp_report_uri, CSPReportHandler) |
|
21 | (csp_report_uri, CSPReportHandler) |
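Review bot: `self.log.warn(csp_report)` on new line 18 logs the client-supplied report body verbatim; the posting browser (and anyone who can reach the endpoint) controls that JSON, so the log line is unbounded and carries arbitrary caller-chosen strings. Prefer a fixed message with the payload as a lazy argument, `self.log.warning("CSP violation report: %s", csp_report)`, which also replaces `Logger.warn`, a deprecated alias of `warning` in the stdlib logging module (assuming `self.log` is a standard logger). Whether `post` requires authentication is decided by decorators above the hunk and is not visible here.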