From d044a34e9b5a0c341581daae03ba40fc72005170 Mon Sep 17 00:00:00 2001
From: Giovane
Date: Fri, 4 Sep 2015 11:25:11 -0300
Subject: #304 Include CSP header support to more browsers
---
 service/pixelated/config/site.py | 6 +++++-
 service/test/unit/config/test_site.py | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/service/pixelated/config/site.py b/service/pixelated/config/site.py
index c6e55102..bd149914 100644
--- service/pixelated/config/site.py
+++ b/service/pixelated/config/site.py
@@ -2,8 +2,12 @@ from twisted.web.server import Site, Request
 class AddCSPHeaderRequest(Request):
+ HEADER_VALUES = "default-src 'self'; style-src 'self' 'unsafe-inline'"
+
 def process(self):
- self.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'")
+ self.setHeader("Content-Security-Policy", self.HEADER_VALUES)
+ self.setHeader("X-Content-Security-Policy", self.HEADER_VALUES)
+ self.setHeader("X-Webkit-CSP", self.HEADER_VALUES)
 Request.process(self)
diff --git a/service/test/unit/config/test_site.py b/service/test/unit/config/test_site.py
index 77d42ed8..1858bfaf 100644
--- a/service/test/unit/config/test_site.py
+++ b/service/test/unit/config/test_site.py
@@ -9,7 +9,11 @@ class TestPixelatedSite(unittest.TestCase):
 request = self.create_request()
 request.process()
 headers = request.headers
- self.assertEqual(headers.get("Content-Security-Policy"), "default-src 'self'; style-src 'self' 'unsafe-inline'")
+
+ header_value = "default-src 'self'; style-src 'self' 'unsafe-inline'"
+ self.assertEqual(headers.get("Content-Security-Policy"), header_value)
+ self.assertEqual(headers.get("X-Content-Security-Policy"), header_value)
+ self.assertEqual(headers.get("X-Webkit-CSP"), header_value)
 def create_request(self):
 channel = LineReceiver()
-- 
cgit v1.2.3
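Review bot: Sending the same policy string under `X-Content-Security-Policy` and `X-Webkit-CSP` in `process()` does not guarantee the same enforcement as the standard header, because those prefixed names were implemented against earlier CSP drafts. As far as I know, IE 10/11 honour only the `sandbox` directive under `X-Content-Security-Policy`, so `default-src 'self'` would be ignored there, and older prefixed implementations were inconsistent about directive syntax. I would document this above the constant, e.g. `# Legacy prefixed headers are best-effort only; Content-Security-Policy is the header relied on for enforcement`, so nobody reads the extra headers as equivalent coverage. The constant holds one policy string, so a singular name such as `CSP_POLICY` would describe it better than `HEADER_VALUES`.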
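Review bot: The three new assertions repeat the same check with only the header name changing, so a header added to `process()` later is easy to leave out of the test. A loop keeps the list in one place and reports the failing header via `msg`: `for name in ("Content-Security-Policy", "X-Content-Security-Policy", "X-Webkit-CSP"): self.assertEqual(headers.get(name), header_value, name)`. Keeping the expected policy as a literal in the test, rather than importing the class constant, is worth preserving because it pins the policy against accidental loosening. The enclosing test method starts outside the hunk.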