settings/dev: allow http for berlin.de in csp

liqd · Oct 25, 2023 · 0881a95 · 0881a95
1 parent e1045b9
commit 0881a95
Showing 1 changed file with 21 additions and 3 deletions.
diff --git a/digitalstrategie/settings/dev.py b/digitalstrategie/settings/dev.py
@@ -38,7 +38,7 @@
             "USER": "django",
             "PASSWORD": "",
             "HOST": "",
-            "PORT": "5557",
+            "PORT": "",
             "OPTIONS": {},
         }
     }
@@ -55,6 +55,10 @@
     "https://stats.liqd.net",
     "https://berlin.de",
     "https://www.berlin.de",
+    # only for local testing
+    "http://berlin.de",
+    "http://www.berlin.de",
+
 ]
 CSP_IMG_SRC = [
     "'self'",
@@ -80,11 +84,25 @@
     "https://stats.liqd.net",
     "https://releases.wagtail.io",
 ]
-CSP_STYLE_SRC = ["'self'", "https://berlin.de", "https://www.berlin.de"]
+CSP_STYLE_SRC = [
+    "'self'",
+    "https://berlin.de",
+    "https://www.berlin.de",
+    # only for local testing
+    "http://berlin.de",
+    "http://www.berlin.de",
+]
 # wagtail userbar requires unsafe-inline for wagtail <= 4.1
 CSP_STYLE_SRC_ATTR = ["'self'", "'unsafe-inline'"]
 # wagtail admin vendor.js requires unsafe-inline
-CSP_STYLE_SRC_ELEM = ["'self'", "https://berlin.de", "https://www.berlin.de"]
+CSP_STYLE_SRC_ELEM = [
+    "'self'",
+    "https://berlin.de",
+    "https://www.berlin.de"
+    # only for local testing
+    "http://berlin.de",
+    "http://www.berlin.de",
+]
 CSP_BASE_URI = ["'self'"]
 CSP_CHILD_SRC = ["'none'"]
 CSP_FRAME_ANCESTORS = ["'self'"]