projects / pgweb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 36277b9)
Add CSP for GTM.
authorDave Page <dpage@pgadmin.org>
Thu, 2 Jul 2020 15:26:08 +0000 (16:26 +0100)
committerDave Page <dpage@pgadmin.org>
Thu, 2 Jul 2020 15:26:08 +0000 (16:26 +0100)
pgweb/util/middleware.py patch | blob | blame | history

diff --git a/pgweb/util/middleware.py b/pgweb/util/middleware.py
index 0656017395dd534103a3f9ca7b715736bfb41230..e16796fd6496fa9b2d9f437cb8342189b70e4c22 100644 (file)
--- a/pgweb/util/middleware.py
+++ b/pgweb/util/middleware.py
@@ -46,10 +46,10 @@ class PgMiddleware(object):
         sources = OrderedDict([
             ('default', ["'self'", ]),
             ('img', ['*', 'data:', ]),
-            ('script', ["'self'", "www.google-analytics.com", "ssl.google-analytics.com", "data:"]),
+            ('script', ["'unsafe-eval'", "'self'", "www.google-analytics.com", "ssl.google-analytics.com", "www.googletagmanager.com", "tagmanager.google.com", "data:"]),
             ('connect', ["'self'", "www.google-analytics.com", "ssl.google-analytics.com"]),
             ('media', ["'self'", ]),
-            ('style', ["'self'", "fonts.googleapis.com"]),
+            ('style', ["'self'", "fonts.googleapis.com", "tagmanager.google.com"]),
             ('font', ["'self'", "fonts.gstatic.com", "data:", ]),
         ])
         if hasattr(response, 'x_allow_extra_sources'):
This is the code for the postgresql.org website