alee/golfgame
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow ws:// in production CSP for pre-SSL WebSocket connections

Browse Source 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
adlee-was-taken 2026-02-21 20:30:29 -05:00
parent bda88d8218
commit 62e3dc0395
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/middleware/security.py
View File

@ -110,8 +110,10 @@ class SecurityHeadersMiddleware(BaseHTTPMiddleware):
# Add WebSocket URLs # Add WebSocket URLs
if self.environment == "production": if self.environment == "production":
connect_sources.append(f"ws://{host}")
connect_sources.append(f"wss://{host}") connect_sources.append(f"wss://{host}")
for allowed_host in self.allowed_hosts: for allowed_host in self.allowed_hosts:
connect_sources.append(f"ws://{allowed_host}")
connect_sources.append(f"wss://{allowed_host}") connect_sources.append(f"wss://{allowed_host}")
else: else:
# Development - allow ws:// and wss:// # Development - allow ws:// and wss://