Flask-Talisman #121

Open
fras2560 opened this issue Apr 24, 2021 · 2 comments

@fras2560
Member

One security library is Flask-Talisman. It seems to enforce good security enforcement. However, it seems the current structure of the app would need to be adjusted to make it work.

This ticket should aim to use Flask-Talisman to help improve security of the app.

fras2560 added a commit that referenced this issue Apr 24, 2021
Created #121 to deal with the issues
Just disabled for now
@fras2560
Member Author

So it seems this library works but just not with CSP enabled.

@fras2560
Member Author

fras2560 commented Feb 5, 2024

#206

This PR introduces a weak policy that could be used moving forward.

However, for a good policy probably want to:

  • Move all in-line scripts to files
  • Remove all in-line styles
  • Update readme to explain impact of CSP and what should not be used for development
  • Add readme steps for testing locally https

Going to work through replacing the admin before focusing on this. Admin and documentation have a lot of inline style and scripts so replacing them will make things easier.
