	CSP filters: add explicit style-src-elem handling and improve unit tests
See ChatGPT conversation: https://chatgpt.com/share/68b4a82c-e0c8-800f-9273-9165ce1aa8d6
		@@ -111,17 +111,18 @@ class FilterModule(object):
 | 
				
			|||||||
        """
 | 
					        """
 | 
				
			||||||
        try:
 | 
					        try:
 | 
				
			||||||
            directives = [
 | 
					            directives = [
 | 
				
			||||||
                'default-src',
 | 
					                'default-src',      # Fallback source list for all content types not explicitly listed
 | 
				
			||||||
                'connect-src',
 | 
					                'connect-src',      # Controls allowed URLs for XHR, WebSockets, EventSource, and fetch()
 | 
				
			||||||
                'frame-ancestors',
 | 
					                'frame-ancestors',  # Restricts which parent frames can embed this page via <iframe>, <object>, <embed>, <applet>
 | 
				
			||||||
                'frame-src',
 | 
					                'frame-src',        # Controls allowed sources for nested browsing contexts like <iframe>
 | 
				
			||||||
                'script-src',
 | 
					                'script-src',       # Controls allowed sources for inline scripts and <script> elements (general script execution)
 | 
				
			||||||
                'script-src-elem',
 | 
					                'script-src-elem',  # Controls allowed sources specifically for <script> elements (separate from inline/event handlers)
 | 
				
			||||||
                'style-src',
 | 
					                'style-src',        # Controls allowed sources for inline styles and <style>/<link> elements (general styles)
 | 
				
			||||||
                'font-src',
 | 
					                'style-src-elem',   # Controls allowed sources specifically for <style> and <link rel="stylesheet"> elements
 | 
				
			||||||
                'worker-src',
 | 
					                'font-src',         # Controls allowed sources for fonts loaded via @font-face
 | 
				
			||||||
                'manifest-src',
 | 
					                'worker-src',       # Controls allowed sources for web workers, shared workers, and service workers
 | 
				
			||||||
                'media-src',
 | 
					                'manifest-src',     # Controls allowed sources for web app manifests
 | 
				
			||||||
 | 
					                'media-src',        # Controls allowed sources for media files like <audio> and <video>
 | 
				
			||||||
            ]
 | 
					            ]
 | 
				
			||||||
            parts = []
 | 
					            parts = []
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 
 | 
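Review bot: The new `directives` list (`'default-src'` … `'media-src'` on the new side) still has no `base-uri` or `form-action`, and those two directives do not fall back to `default-src`, so a header built only from this list leaves `<base>` rewriting and form submission targets unrestricted unless they are appended elsewhere in the function, whose body begins before the hunk (the `def` is outside view) and continues after it. If nothing downstream handles them, add `'base-uri',` and `'form-action',` next to `'frame-ancestors'` (the other non-fetch directive already listed) and consider `'object-src',` as well, since it is conventionally pinned to `'none'` rather than left to the `default-src` fallback. The comment on `'script-src-elem'` is slightly misleading: inline `<script>` blocks are governed by script-src-elem too; what it excludes is inline event handlers and `javascript:` URLs, which fall under script-src-attr, so `# Controls <script> elements incl. inline blocks; event handlers/javascript: URLs are script-src-attr` would be more accurate. The `try:` opening the hunk has its `except` outside the hunk, so which failures it swallows cannot be judged here.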