app.py

@@ -64,8 +64,14 @@ app = Flask(__name__)
 app.config.from_object(Config)
 
 # wykluczenie /healthcheck z talisman
-def csp_exempt(path):
-    return path == "/healthcheck"
+@app.route("/healthcheck")
+def healthcheck():
+    header_token = request.headers.get("X-Internal-Check")
+    correct_token = app.config.get("HEALTHCHECK_TOKEN")
+
+    if header_token != correct_token:
+        abort(404)
+    return "OK", 200
 
 # Konfiguracja nagłówków bezpieczeństwa z .env
 csp_policy = None
@@ -90,7 +96,6 @@ talisman = Talisman(
     content_security_policy=csp_policy,
     x_content_type_options=app.config.get("ENABLE_XCTO", True),
     strict_transport_security_include_subdomains=False,
-    skip_if=csp_exempt
 )
 
 register_heif_opener()  # pillow_heif dla HEIC
@@ -2226,17 +2231,6 @@ def recalculate_filesizes():
     )
     return redirect(url_for("admin_receipts", id="all"))
 
-
-@app.route("/healthcheck")
-def healthcheck():
-    header_token = request.headers.get("X-Internal-Check")
-    correct_token = app.config.get("HEALTHCHECK_TOKEN")
-
-    if header_token != correct_token:
-        abort(404)
-    return "OK", 200
-
-
 # =========================================================================================
 # SOCKET.IO
 # =========================================================================================