Revert Content-Security-Policy header

3 years ago · 7ae3255ea9
parent 91e6d94c83
commit 7ae3255ea9
1 changed files with 1 additions and 1 deletions
--- a/cps/web.py
+++ b/cps/web.py
@ -84,7 +84,7 @@ except ImportError:

@app.after_request
 def add_security_headers(resp):
-    resp.headers['Content-Security-Policy']= "script-src 'self'" # https://www.googleapis.com https://api.douban.com https://comicvine.gamespot.com;"
+    # resp.headers['Content-Security-Policy']= "script-src 'self'" https://www.googleapis.com https://api.douban.com https://comicvine.gamespot.com;"
    resp.headers['X-Content-Type-Options'] = 'nosniff'
    resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
    resp.headers['X-XSS-Protection'] = '1; mode=block'