CSP header: enforce mode (#9373)

humitos · web-flow · commit 9fbe1f9ccf64 · 2022-06-24T20:12:53.000+02:00
diff --git a/readthedocs/settings/base.py b/readthedocs/settings/base.py
@@ -105,7 +105,7 @@ def SESSION_COOKIE_SAMESITE(self):
     CSP_FRAME_ANCESTORS = ("'none'",)
     CSP_OBJECT_SRC = ("'none'",)
     CSP_REPORT_URI = None
-    CSP_REPORT_ONLY = True  # Set to false to enable CSP in blocking mode
+    CSP_REPORT_ONLY = False
     CSP_EXCLUDE_URL_PREFIXES = (
         "/admin/",
     )

Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ def SESSION_COOKIE_SAMESITE(self):`
`105`	`105`	`CSP_FRAME_ANCESTORS = ("'none'",)`
`106`	`106`	`CSP_OBJECT_SRC = ("'none'",)`
`107`	`107`	`CSP_REPORT_URI = None`
`108`		`- CSP_REPORT_ONLY = True # Set to false to enable CSP in blocking mode`
	`108`	`+ CSP_REPORT_ONLY = False`
`109`	`109`	`CSP_EXCLUDE_URL_PREFIXES = (`
`110`	`110`	`"/admin/",`
`111`	`111`	`)`