from django.conf import settings
class ContentSecurityPolicyMiddleware:
    """Django middleware that attaches browser security headers to responses.

    For every response produced by the wrapped handler it sets
    ``Content-Security-Policy``, ``X-Content-Type-Options``,
    ``Referrer-Policy`` and ``Permissions-Policy``.
    """

    def __init__(self, get_response):
        """Keep a reference to the next handler in the middleware chain."""
        self.get_response = get_response

    def __call__(self, request):
        """Call the wrapped handler, then stamp the security headers.

        Each header is assigned unconditionally, so a value that a view or
        an inner middleware already set under the same name is replaced.
        """
        resp = self.get_response(request)

        # Content Security Policy
        # settings.BASE_URL is interpolated verbatim into frame-ancestors: it
        # has to be a bare origin, because a ';' or whitespace inside it would
        # add or alter directives in the emitted policy.
        directives = (
            f"frame-ancestors 'self' {settings.BASE_URL}",
            "default-src 'self'",
            "script-src 'self'",
            # 'unsafe-inline' allows inline <style> blocks and style="" attributes.
            # NOTE(review): confirm the templates still need it; nonces or
            # hashes would be the tighter option.
            "style-src 'self' 'unsafe-inline'",
            "img-src 'self' data: blob:",
            "font-src 'self'",
            "connect-src 'self'",
            "object-src 'none'",
            "base-uri 'self'",
        )
        # form-action is not listed and does not fall back to default-src, so
        # this policy places no restriction on form submission targets.
        resp['Content-Security-Policy'] = "; ".join(directives) + ";"

        # Additional security headers
        extra_headers = (
            ('X-Content-Type-Options', 'nosniff'),
            ('Referrer-Policy', 'strict-origin-when-cross-origin'),
            ('Permissions-Policy', 'geolocation=(), microphone=(), camera=()'),
        )
        for header_name, header_value in extra_headers:
            resp[header_name] = header_value

        return resp