Allow to turn off CSP reporting

2026-05-04 15:04:03 +00:00 · 2020-06-15 15:11:28 +02:00
parent c992de341f
commit d975a68641
3 changed files with 5 additions and 1 deletions
--- a/src/pretix/base/middleware.py
+++ b/src/pretix/base/middleware.py
@@ -212,8 +212,9 @@ class SecurityMiddleware(MiddlewareMixin):
            # single-sign-on this can be nearly anything so we cannot really restrict
            # this. However, we'll restrict it to HTTPS.
            'form-action': ["{dynamic}", "https:"] + (['http:'] if settings.SITE_URL.startswith('http://') else []),
-            'report-uri': ["/csp_report/"],
        }
+        if settings.LOG_CSP:
+            h['report-uri'] = ["/csp_report/"]
        if 'Content-Security-Policy' in resp:
            _merge_csp(h, _parse_csp(resp['Content-Security-Policy']))