CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Fixed broken Django error pages due to CSP headers

Browse Source
This commit is contained in:
Raphael Michel
2016-07-29 20:53:51 +02:00
parent 4ab819aeed
commit 99604036c2
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/pretix/base/middleware.py
View File

@@ -147,6 +147,11 @@ class SecurityMiddleware:
return "; ".join(k + ' ' + v for k, v in h.items()) return "; ".join(k + ' ' + v for k, v in h.items())
def process_response(self, request, resp): def process_response(self, request, resp):
if settings.DEBUG and resp.status_code >= 400:
# Don't use CSP on debug error page as it breaks of Django's fancy error
# pages
return resp
resp['X-XSS-Protection'] = '1' resp['X-XSS-Protection'] = '1'
h = { h = {
'default-src': "{static}", 'default-src': "{static}",