m/sfera
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add CSP for HTML5 responses
CI / python (push) Has been cancelled
Details
CI / rust (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Mikhail
2026-05-17 12:45:54 +03:00
parent 2e6fee5fc7
commit faf1bbd10a
2 changed files with 23 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/api-server/tests/test_api.py
+9
View File
@@ -57,6 +57,15 @@ def assert_html5_response_contract(response, *markers: str, full_page: bool = Fa
assert "text/html" in response.headers["content-type"]
assert response.headers["cache-control"] == "no-cache, no-transform"
assert response.headers["x-content-type-options"] == "nosniff"
assert response.headers["content-security-policy"] == (
"default-src 'self'; "
"script-src 'self'; "
"style-src 'self'; "
"connect-src 'self'; "
"img-src 'self' data:; "
"base-uri 'self'; "
"form-action 'self'"
)
assert_html5_contract(response.text, *markers, full_page=full_page)