From d8d786aed803d02b1eb0a33cb7723b2f613fb4e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
Date: Fri, 25 Jul 2025 21:17:05 +0200
Subject: [PATCH] talisman skip_if=csp_exempt
---
 app.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/app.py b/app.py
index dca59e7..3ded80c 100644
--- a/app.py
+++ b/app.py
@@ -63,6 +63,10 @@ logging.getLogger("werkzeug").setLevel(logging.INFO)
 app = Flask(__name__)
 app.config.from_object(Config)
+# wykluczenie /healthcheck z talisman
+def csp_exempt(path):
+ return path == "/healthcheck"
+
 # Konfiguracja nagłówków bezpieczeństwa z .env
 csp_policy = None
 if app.config.get("ENABLE_CSP", True):
@@ -86,6 +90,7 @@ talisman = Talisman(
 content_security_policy=csp_policy,
 x_content_type_options=app.config.get("ENABLE_XCTO", True),
 strict_transport_security_include_subdomains=False,
+ skip_if=csp_exempt
 )
 register_heif_opener() # pillow_heif dla HEIC
@@ -2223,7 +2228,6 @@ def recalculate_filesizes():
 @app.route("/healthcheck")
-@talisman.exempt
 def healthcheck():
 header_token = request.headers.get("X-Internal-Check")
 correct_token = app.config.get("HEALTHCHECK_TOKEN")
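Review bot: `csp_exempt(path)` in the first hunk expects the request path as its argument, but nothing visible here shows what Talisman passes to a `skip_if` callable. If it is invoked with no argument or with a request object, the comparison either raises or is never true, and the exemption silently stops working. I would confirm the callback contract against the pinned flask-talisman version, or have the helper read `request.path` itself (`request` is already used by `healthcheck`). The exact-match comparison is the right choice over a prefix match, since it cannot widen the exemption to other routes. A docstring such as `"""Return True only for the exact /healthcheck path, which is served without Talisman."""` would record that.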
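Review bot: `skip_if=csp_exempt` in the second hunk is named as a CSP exemption, but if the option bypasses Talisman for the whole request, /healthcheck also loses the HTTPS redirect, HSTS and `X-Content-Type-Options`. The handler in the last hunk reads a secret from the `X-Internal-Check` header, so a probe answered over plain HTTP would carry that token in cleartext. If that is the intended trade-off for an internal probe, a name like `talisman_exempt` and a comment on the argument would make it explicit, e.g. `# /healthcheck is probed internally over HTTP; all Talisman headers and the HTTPS redirect are skipped for it`. I also cannot tell from the hunk whether the installed Talisman accepts a `skip_if` keyword; an unsupported keyword would fail at app start-up, so this is worth a start-up test. The `Talisman(` call opens before the hunk.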