From fca2916c71af4374e09ce7f8612c27df8f46294c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20H=C3=A4ttasch?=
 <benjamin.haettasch@fachschaft.informatik.tu-darmstadt.de>
Date: Sun, 9 May 2021 00:18:10 +0200
Subject: [PATCH] Make CSP stricter (prevent external images or media)

---
 AKPlanning/settings.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/AKPlanning/settings.py b/AKPlanning/settings.py
index 835a0281..24346632 100644
--- a/AKPlanning/settings.py
+++ b/AKPlanning/settings.py
@@ -199,8 +199,7 @@ LOGIN_REDIRECT_URL = SIMPLE_BACKEND_REDIRECT_URL
 CSP_DEFAULT_SRC = ("'self'",)
 CSP_SCRIPT_SRC = ("'self'", "'unsafe-inline'")
 CSP_STYLE_SRC = ("'self'", "'unsafe-inline'", "fonts.googleapis.com")
-CSP_IMG_SRC = ("*", "data:")
-CSP_MEDIA_SRC = ("*", )
+CSP_IMG_SRC = ("'self'", "data:")
 CSP_FRAME_SRC = ("'self'", )
 CSP_FONT_SRC = ("'self'", "data:", "fonts.gstatic.com")
 
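Review bot: The removal of CSP_MEDIA_SRC means media now inherits CSP_DEFAULT_SRC ("'self'") silently, and nothing in the hunk records that this fallback is intended; a short comment next to the new CSP_IMG_SRC line would keep the next maintainer from re-adding a wildcard, e.g. `# media-src deliberately unset: falls back to default-src 'self'`. The kept `data:` source in CSP_IMG_SRC is a reasonable compromise, but it does allow any inline data-URI image, so it is worth stating in the same comment that this is accepted (presumably for embedded images in templates, which the hunk does not show). Separately, `'unsafe-inline'` in CSP_SCRIPT_SRC on the unchanged line above remains the weakest directive here; it is outside this change but a nonce- or hash-based script policy would be the natural follow-up.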
-- 
GitLab