Improved merging of CSP headers

2026-05-06 15:24:02 +00:00 · 2017-03-07 21:48:59 +01:00
parent a10090b1fb
commit cbf735487f
2 changed files with 22 additions and 13 deletions
--- a/src/pretix/control/views/init.py
+++ b/src/pretix/control/views/init.py
@@ -33,5 +33,5 @@ class ChartContainingView:
    def get(self, request, *args, **kwargs):
        resp = super().get(request, *args, **kwargs)
        # required by raphael.js
-        resp['Content-Security-Policy'] = "script-src {static} 'unsafe-eval'; style-src {static} 'unsafe-inline'"
+        resp['Content-Security-Policy'] = "script-src 'unsafe-eval'; style-src 'unsafe-inline'"
        return resp