Adapted CSP to new server dict structure

2025-08-30 07:18:09 +02:00 · 2025-08-07 13:00:52 +02:00
parent 051e4accd6
commit 5a0684fa2d
5 changed files with 41 additions and 36 deletions
--- a/filter_plugins/csp_filters.py
+++ b/filter_plugins/csp_filters.py
@@ -23,7 +23,7 @@ class FilterModule(object):
    @staticmethod
    def get_csp_whitelist(applications, application_id, directive):
        app = applications.get(application_id, {})
-        wl = app.get('csp', {}).get('whitelist', {}).get(directive, [])
+        wl = app.get('server',{}).get('csp', {}).get('whitelist', {}).get(directive, [])
        if isinstance(wl, list):
            return wl
        if wl:
@@ -37,7 +37,7 @@ class FilterModule(object):
        e.g., "'unsafe-eval'", "'unsafe-inline'", etc.
        """
        app = applications.get(application_id, {})
-        flags = app.get('csp', {}).get('flags', {}).get(directive, {})
+        flags = app.get('server',{}).get('csp', {}).get('flags', {}).get(directive, {})
        tokens = []

        for flag_name, enabled in flags.items():
@@ -52,7 +52,7 @@ class FilterModule(object):
        Return inline script/style snippets to hash for a given CSP directive.
        """
        app = applications.get(application_id, {})
-        snippets = app.get('csp', {}).get('hashes', {}).get(directive, [])
+        snippets = app.get('server',{}).get('csp', {}).get('hashes', {}).get(directive, [])
        if isinstance(snippets, list):
            return snippets
        if snippets:
--- a/filter_plugins/csp_hashes.py
+++ b/filter_plugins/csp_hashes.py
@@ -13,7 +13,8 @@ def append_csp_hash(applications, application_id, code_one_liner):

    apps = copy.deepcopy(applications)
    app = apps[application_id]
-    csp = app.setdefault('csp', {})
+    server = app.setdefault('server', {})
+    csp = server.setdefault('csp', {})
    hashes = csp.setdefault('hashes', {})

    existing = hashes.get('script-src-elem', [])