task WI-46: Setup CMS using django-csp #672
Draft
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
To become fully secure site, adding detailed Content Security Policy is needed.
This uses django-csp to enable csp.
Related
Changes
This PR adds CSP headers for
Also, ensure the current script tags use nonce.
The setup right now is in "report only" mode to allow for opt-in and fully functional app.
Testing
UI
No UI change.
Notes:
At this point, due to possibly breaking the app due to CSP, this PR is in draft mode. Other mitigations are deployed via TACC/Camino#32