Merge pull request #60 from geektechdude/csp-header-in-one

Csp header in one
geektechdude · Jun 29, 2023 · 2868f95 · 2868f95
2 parents 7e5d4de + 551a842
commit 2868f95
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 9 deletions.
diff --git a/flaskwebapp/app/auth/views.py b/flaskwebapp/app/auth/views.py
@@ -12,9 +12,8 @@ def headers(response):
     # https://flask.palletsprojects.com/en/2.3.x/security/#security-headers
     response.headers['X-Content-Type-Options'] = 'nosniff'
     response.headers['X-Frame-Options'] = 'SAMEORIGIN'
-    response.headers['Content-Security-Policy'] = "default-src 'self';"
-    response.headers['Content-Security-Policy'] = "frame-ancestors 'self';"
-    response.headers['Content-Security-Policy'] = "form-action 'self';"
+    response.headers['Content-Security-Policy'] = "default-src 'self'; \
+        frame-ancestors 'self'; form-action 'self';"
     response.headers['Server'] = "GeekTechStuff"
     return response
 

diff --git a/flaskwebapp/app/main/errors.py b/flaskwebapp/app/main/errors.py
@@ -6,9 +6,8 @@ def headers(response):
     # https://flask.palletsprojects.com/en/2.3.x/security/#security-headers
     response.headers['X-Content-Type-Options'] = 'nosniff'
     response.headers['X-Frame-Options'] = 'SAMEORIGIN'
-    response.headers['Content-Security-Policy'] = "default-src 'self';"
-    response.headers['Content-Security-Policy'] = "frame-ancestors 'self';"
-    response.headers['Content-Security-Policy'] = "form-action 'self';"
+    response.headers['Content-Security-Policy'] = "default-src 'self'; \
+        frame-ancestors 'self'; form-action 'self';"
     response.headers['Server'] = "GeekTechStuff"
     return response
 

diff --git a/flaskwebapp/app/main/views.py b/flaskwebapp/app/main/views.py
@@ -14,9 +14,8 @@ def headers(response):
     # https://flask.palletsprojects.com/en/2.3.x/security/#security-headers
     response.headers['X-Content-Type-Options'] = 'nosniff'
     response.headers['X-Frame-Options'] = 'SAMEORIGIN'
-    response.headers['Content-Security-Policy'] = "default-src 'self';"
-    response.headers['Content-Security-Policy'] = "frame-ancestors 'self';"
-    response.headers['Content-Security-Policy'] = "form-action 'self';"
+    response.headers['Content-Security-Policy'] = "default-src 'self'; \
+        frame-ancestors 'self'; form-action 'self';"
     response.headers['Server'] = "GeekTechStuff"
     return response