gru/lista_zakupowa_live
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

flask-talisman + naglowki

Browse Source
This commit is contained in:
Mateusz Gruszczyński
2025-07-25 19:06:19 +02:00
parent 5e782ba170
commit 7dc49fe160
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app.py
View File

@@ -60,15 +60,16 @@ from pytesseract import Output
app = Flask(__name__)
app.config.from_object(Config)
# Konfiguracja nagłówków bezpieczeństwa z .env
csp_policy = None
if app.config.get("ENABLE_CSP", True):
csp_policy = {
'default-src': "'self'",
'script-src': "'self'",
'style-src': "'self'",
'connect-src': "'self'",
'script-src': "'self'", # wciąż bez inline JS
'style-src': "'self' 'unsafe-inline'", # dopuszczamy style w HTML-u
'img-src': "'self' data:", # pozwalamy na data:image (np. SVG)
'connect-src': "'self'", # WebSockety
'script-src': "'self' 'unsafe-inline'"
}
talisman = Talisman(
@@ -80,7 +81,6 @@ talisman = Talisman(
x_content_type_options=app.config.get("ENABLE_XCTO", True),
)
register_heif_opener() # pillow_heif dla HEIC
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "webp", "heic"}