habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

set schema

Browse Source 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer
2024-03-21 22:51:55 +01:00
parent 3afe386e18
commit b42eb0706d
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
authentik/brands/middleware.py
View File

@ -60,7 +60,9 @@ class BrandCSPHeaderMiddleware:
def get_csp(self, request: HttpRequest) -> str: def get_csp(self, request: HttpRequest) -> str:
brand: "Brand" = request.brand brand: "Brand" = request.brand
elements = self.default_csp_elements.copy() elements = self.default_csp_elements.copy()
elements["frame-ancestors"] = [f"https://{brand.domain}"] elements["frame-ancestors"] = [
f"{'https' if request.is_secure() else 'http'}://{brand.domain}"
]
return ";".join(f"{attr} {" ".join(value)}" for attr, value in elements.items()) return ";".join(f"{attr} {" ".join(value)}" for attr, value in elements.items())
def __call__(self, request: HttpRequest) -> HttpResponse: def __call__(self, request: HttpRequest) -> HttpResponse: