pytition / Pytition

Django app for self-hosted privacy-friendly online petitions
https://pytition.org
BSD 3-Clause "New" or "Revised" License

Security: enable Content-Security-Policy header #185

Open fallen opened 4 years ago

fallen commented 4 years ago

This is not ready yet, as I haven't yet found a means to use the style-src: 'unsafe-inline' CSP attribute for the petition detail template, which contains TinyMCE content with lots of inline style="" attributes.

So far, to make progress on this PR, I need help on these points: