Fix CSP shenanigans with setup Wizard

2026-05-24 09:28:37 +00:00 · 2024-02-21 13:37:50 +01:00 · 2024-02-21 13:37:50 +01:00 · 13abf8562e
commit 13abf8562e
parent 28f49c024f
2 changed files with 3 additions and 2 deletions
--- a/src/ui/main.py
+++ b/src/ui/main.py
@ -314,6 +314,8 @@ def set_csp_header(response):
        + f" script-src 'self' 'nonce-{app.config['SCRIPT_NONCE']}';"
        + " style-src 'self' 'unsafe-inline';"
        + " img-src 'self' data: https://assets.bunkerity.com;"
+        + " font-src 'self' data:;"
+        + (" connect-src *;" if not app.config["USER"] else "")
    )
    return response

--- a/src/ui/templates/setup.html
+++ b/src/ui/templates/setup.html
@ -264,7 +264,7 @@
                class="col-span-12 disabled:opacity-75 focus:valid:border-green-500 focus:invalid:border-red-500 outline-none focus:border-primary text-sm leading-5.6 ease block w-full appearance-none rounded-lg border border-solid border-gray-300 bg-white bg-clip-padding px-4 py-2 font-normal text-gray-700 transition-all placeholder:text-gray-500"
                placeholder="/admin"
                value="{{ random_url }}"
-                pattern="\/[a-zA-Z0-9-]{1,255}$"
+                pattern="\/[a-zA-Z0-9\-]{1,255}$"
                required
              />
            </div>
@ -624,7 +624,6 @@
              redirect: "error",
            })
              .then((res) => {
-                console.log(res);
                if (res.status === 200) {
                  setTimeout(() => {
                    window.open(`${api}/login`, "_self");