import django.contrib.auth.views as authviews
from django.http import HttpResponseRedirect, Http404, HttpResponse
from django.shortcuts import get_object_or_404
-from pgweb.util.decorators import login_required, script_sources
+from pgweb.util.decorators import login_required, script_sources, frame_sources
from django.utils.encoding import force_bytes
from django.utils.http import urlsafe_base64_encode
from django.contrib.auth.tokens import default_token_generator
@script_sources('https://www.google.com/recaptcha/')
@script_sources('https://www.gstatic.com/recaptcha/')
+@frame_sources('https://www.google.com/')
def signup(request):
if request.user.is_authenticated():
return HttpServerError(request, "You must log out before you can sign up for a new account")
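Review bot: The new `@frame_sources('https://www.google.com/')` on line 11 allows framing of any page under www.google.com, which is broader than the two script_sources entries just above it that are scoped to `/recaptcha/`. If the reCAPTCHA widget's iframe is the only frame these views need, narrowing it to `@frame_sources('https://www.google.com/recaptcha/')` keeps the frame-src allowance as tight as the script-src ones; I have not verified the exact origin the widget loads from, so confirm against the served page before tightening. The same applies to the identical decorator added to signup_oauth below. The body of signup continues outside the hunk.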
})
+@script_sources('https://www.google.com/recaptcha/')
+@script_sources('https://www.gstatic.com/recaptcha/')
+@frame_sources('https://www.google.com/')
@transaction.atomic
def signup_oauth(request):
if not request.session.has_key('oauth_email') \
def script_sources(source):
return content_sources('script', source)
+def frame_sources(source):
+ return content_sources('frame', source)
+
# A wrapped version of login_required that throws an exception if it's
# used on a path that's not under /account/.
def login_required(f):
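Review bot: `frame_sources` on line 24 has no comment saying which policy directive it feeds, and the 'frame' key is only meaningful because the middleware later turns each source key into a `<key>-src` directive. A one-line comment above the def would make that link explicit, e.g. `# Allow framed content from `source` (emitted as the frame-src CSP directive); same shape as script_sources.` The neighbouring `script_sources` is equally undocumented, so the comment could cover both helpers in one place.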
])
if hasattr(response, 'x_allow_extra_sources'):
for k,v in response.x_allow_extra_sources.items():
- sources[k].extend(v)
+ if k in sources:
+ sources[k].extend(v)
+ else:
+ sources[k] = v
security_policies = ["{0}-src {1}".format(k," ".join(v)) for k,v in sources.items()]