Remove Cloudflare's CDN from whitelist

Angular + Prototype are exploitable when together :/
Pedro Ferreira 2016-02-12 10:19:46 +01:00
parent 9413a611a9
commit 39fd3066d9


@ -57,7 +57,7 @@ class RHEventPreviewIPyNB(RH):
response = current_app.response_class(html)
# Use CSP to restrict access to possibly malicious scripts or inline JS
csp_header = "script-src cdn.mathjax.org cdnjs.cloudflare.com 'nonce-{}';".format(nonce)
csp_header = "script-src cdn.mathjax.org 'nonce-{}';".format(nonce)
response.headers['Content-Security-Policy'] = csp_header
response.headers['X-Webkit-CSP'] = csp_header
# IE10 doesn't have proper CSP support, so we need to be more strict
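Review bot: The policy built on the new `csp_header` line still sets only `script-src`, so `object-src` and `base-uri` remain unrestricted for the rendered notebook HTML. With a nonce-based policy both are normally locked down, so if the preview needs neither plugins nor a `<base>` element, the line could read `csp_header = "script-src cdn.mathjax.org 'nonce-{}'; object-src 'none'; base-uri 'none';".format(nonce)`. The remaining `cdn.mathjax.org` entry is still a whole-host allowlist that trusts every script served from that host, which is the same property that made the Cloudflare entry a problem. A comment above the line, such as `# Host allowlists trust every script on that host; do not re-add general-purpose CDNs`, would keep that reasoning next to the code. The enclosing method starts and ends outside the hunk, so how `nonce` is generated and the value of the IE10 header are not visible here.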