Fix #765 -- Include P3P header

2026-05-04 15:04:03 +00:00 · 2018-06-25 12:17:49 +02:00
parent 9cff77be62
commit fb96787697
1 changed files with 6 additions and 0 deletions
--- a/src/pretix/base/middleware.py
+++ b/src/pretix/base/middleware.py
@@ -172,6 +172,12 @@ class SecurityMiddleware(MiddlewareMixin):
            return resp

        resp['X-XSS-Protection'] = '1'
+
+        # We just need to have a P3P, not matter whats in there
+        # https://blogs.msdn.microsoft.com/ieinternals/2013/09/17/a-quick-look-at-p3p/
+        # https://github.com/pretix/pretix/issues/765
+        resp['P3P'] = 'CP=\"ALL DSP COR CUR ADM TAI OUR IND COM NAV INT\"'
+
        h = {
            'default-src': ["{static}"],
            'script-src': ['{static}', 'https://checkout.stripe.com', 'https://js.stripe.com'],