From 3ac9b93ddf2aef2a81a1a0e358de9760a430e6a9 Mon Sep 17 00:00:00 2001
From: ougongchang <ougongchang@huawei.com>
Date: Thu, 11 Jun 2020 16:29:20 +0800
Subject: [PATCH] add unsafe-eval CSP to application. The d3-graphviz 3.0
 version is required to open unsafe-eval CSP.

---
 mindinsight/backend/application.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mindinsight/backend/application.py b/mindinsight/backend/application.py
index 5752a8a..dc16c5d 100644
--- a/mindinsight/backend/application.py
+++ b/mindinsight/backend/application.py
@@ -45,6 +45,7 @@ def get_security_headers():
         'frame-src': ["'self'"] + domain_white_list,
         'frame-ancestors': ["'self'"] + domain_white_list,
         'default-src': ["'self'"],
+        'script-src': ["'self'", "'unsafe-eval'"]
     }
 
     headers = {
-- 
GitLab