upstream/ipython Commit - r19151:8eb4f71c

Report CSP violations as warnings.

Kyle Kelley -

r19151:8eb4f71c

parent child

IPython/html/base/handlers.py

0 +6 -1

                     headers = self.settings.get('headers', {})
                     if "Content-Security-Policy" not in headers:
-                        headers["Content-Security-Policy"] = "frame-ancestors 'self'"
+                        headers["Content-Security-Policy"] = (
+                                "frame-ancestors 'self'; "
+                                # Make sure the report-uri comes out on the base_url
+                                "report-uri " + url_path_join(self.base_url, csp_report_uri) +
+                                ";"
+                        )
                     # Allow for overriding headers
                     for header_name,value in headers.items() :

IPython/html/services/security/handlers.py

0 +1 -1

                 def post(self):
                     '''Log a content security policy violation report'''
                     csp_report = self.get_json_body()
-                    self.log.debug(csp_report)
+                    self.log.warn(csp_report)
             default_handlers = [
                 (csp_report_uri, CSPReportHandler)

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages