From f2a5347f77d8b5acd9bfcace7df7bc5f9dadb698 Mon Sep 17 00:00:00 2001
From: vincent porte
Date: Tue, 26 Sep 2023 09:29:34 +0200
Subject: [PATCH] [CSP] limit cdn.jsdelivr.net to /npm/chart.js
---
 config/settings/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/settings/base.py b/config/settings/base.py
index 90030dfe4..39eda36ae 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -360,7 +360,7 @@ CSP_FONT_SRC = ("'self'", "https://fonts.gstatic.com/", "data:")
 CSP_SCRIPT_SRC = (
 "'self'",
- "https://cdn.jsdelivr.net",
+ "https://cdn.jsdelivr.net/npm/chart.js",
 "https://tally.so",
 "https://stats.data.gouv.fr/piwik.js",
 )
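Review bot: The new `"https://cdn.jsdelivr.net/npm/chart.js"` entry in `CSP_SCRIPT_SRC` has no trailing slash, so CSP path matching allows exactly that one URL and nothing beneath it. Any template that loads a versioned or file-specific URL would be blocked, which is worth checking against the script tags since they are not visible in this hunk. That exact URL also appears to be jsDelivr's unversioned alias, so the page would execute whichever chart.js release the CDN currently resolves, and Subresource Integrity cannot be used reliably against a moving target. Consider pinning instead, e.g. `"https://cdn.jsdelivr.net/npm/chart.js@<PINNED_VERSION>/",` (the trailing slash makes it a prefix match), and adding an `integrity` attribute to the script tag. Note too that browsers ignore the path part of a source expression after a redirect, so the host is still the effective trust boundary in that case.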