CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Allow http: forms during testing

Browse Source
This commit is contained in:
Raphael Michel
2018-02-14 11:50:10 +01:00
parent 58d36b08e2
commit d44eb67dec
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pretix/base/middleware.py
View File

@@ -187,7 +187,7 @@ class SecurityMiddleware(MiddlewareMixin):
# form-actions redirect to. In the context of e.g. payment providers or # form-actions redirect to. In the context of e.g. payment providers or
# single-sign-on this can be nearly anything so we cannot really restrict # single-sign-on this can be nearly anything so we cannot really restrict
# this. However, we'll restrict it to HTTPS. # this. However, we'll restrict it to HTTPS.
'form-action': ["{dynamic}", "https:"], 'form-action': ["{dynamic}", "https:"] + (['http:'] if settings.SITE_URL.startswith('http://') else []),
'report-uri': ["/csp_report/"], 'report-uri': ["/csp_report/"],
} }
if 'Content-Security-Policy' in resp: if 'Content-Security-Policy' in resp: