talisman skip_if=csp_exempt

2025-07-25 21:25:44 +02:00
parent e806976453
commit c8a5db6715
1 changed files with 10 additions and 11 deletions
--- a/app.py
+++ b/app.py
@@ -63,16 +63,6 @@ logging.getLogger("werkzeug").setLevel(logging.INFO)
 app = Flask(__name__)
 app.config.from_object(Config)

-# wykluczenie /healthcheck z talisman
-@app.route("/healthcheck")
-def healthcheck():
-    header_token = request.headers.get("X-Internal-Check")
-    correct_token = app.config.get("HEALTHCHECK_TOKEN")
-
-    if header_token != correct_token:
-        abort(404)
-    return "OK", 200
-
 # Konfiguracja nagłówków bezpieczeństwa z .env
 csp_policy = None
 if app.config.get("ENABLE_CSP", True):
@@ -89,7 +79,7 @@ permissions_policy = {"browsing-topics": "()"} if app.config["ENABLE_PP"] else N

 talisman = Talisman(
    app,
-    force_https=app.config.get("ENABLE_HSTS", True),
+    force_https=False,
    strict_transport_security=app.config.get("ENABLE_HSTS", True),
    frame_options="DENY" if app.config.get("ENABLE_XFO", True) else None,
    permissions_policy=permissions_policy,
@@ -2231,6 +2221,15 @@ def recalculate_filesizes():
    )
    return redirect(url_for("admin_receipts", id="all"))

+@app.route("/healthcheck")
+def healthcheck():
+    header_token = request.headers.get("X-Internal-Check")
+    correct_token = app.config.get("HEALTHCHECK_TOKEN")
+
+    if header_token != correct_token:
+        abort(404)
+    return "OK", 200
+
 # =========================================================================================
 # SOCKET.IO
 # =========================================================================================