Use flask-talisman for handling backend response headers #3404
@rauchy Oh dang, I had missed your PR, apologies for the overlap 😬
Code looks good to me!
Thanks, please see comments.
d697222 to bb26cee
@arikfr Is there anything needed to merge this?
@arikfr Anything needed to merge this?
Time.
## What type of PR is this? (check all applicable)

- [x] Bug Fix

## Description

Without this change the Help Drawer couldn't load content anymore.

## Related Tickets & Documents

#3404
)

* Normalize Flask initialization API use.
* Use Flask-Talisman.
* Enable HSTS when HTTPS is enforced.
* More details about how CSP is formatted and write CSP directives as a string.
* Use CSP frame-ancestors directive and not X-Frame-Options for embeddable endpoints.
* Add link to flask-talisman docs.
* set remember_token cookie to be HTTP-Only and Secure
* Reorganize secret key configuration to be forward thinking and backward compatible.
## What type of PR is this? (check all applicable)

- [x] Bug Fix

## Description

Without this change the Help Drawer couldn't load content anymore.

## Related Tickets & Documents

getredash#3404
Fixes #3060.
Refs #3044.
Refs mozilla#562.
Helps #2891. 🎉
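
The header policy listed in the commit message above (HSTS only when HTTPS is enforced, CSP written as a string, `frame-ancestors` instead of `X-Frame-Options` on embeddable endpoints), sketched as an added example using only the standard library. This is not code from this PR, Redash, or Flask-Talisman; the policy string, the `/embed/` prefix, the max-age and all function names are assumptions made for illustration.

```python
# Added illustration (standard library only); not flask-talisman or Redash code.
# The policy string, path prefix and max-age are constructed sample values.
SAMPLE_CSP = "default-src 'self'; frame-ancestors 'self'"
EMBED_PREFIXES = ("/embed/",)  # hypothetical embeddable endpoints


def parse_csp(policy):
    """Split a CSP string into {directive: [sources]}, keeping directive order."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # Browsers ignore a repeated directive, so the first occurrence wins.
        directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def format_csp(directives):
    """Serialize {directive: [sources]} back into a header value."""
    return "; ".join(" ".join([name] + sources) for name, sources in directives.items())


def security_headers(path, enforce_https, csp=SAMPLE_CSP, hsts_max_age=31536000):
    """Return the security headers for one response to `path`."""
    directives = parse_csp(csp)
    headers = {}
    if path.startswith(EMBED_PREFIXES):
        # X-Frame-Options can only express DENY or SAMEORIGIN, so embeddable
        # endpoints omit it and state the framing policy in CSP alone.
        directives["frame-ancestors"] = ["*"]
    else:
        directives.setdefault("frame-ancestors", ["'self'"])
        headers["X-Frame-Options"] = "SAMEORIGIN"
    if enforce_https:
        # HSTS pins browsers to HTTPS, so send it only when HTTPS is enforced.
        headers["Strict-Transport-Security"] = "max-age=%d" % hsts_max_age
    headers["Content-Security-Policy"] = format_csp(directives)
    return headers


if __name__ == "__main__":
    for path, https in [("/dashboard", True), ("/embed/query/1", False)]:
        print(path, security_headers(path, https))
```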