Only load over https, simplify check for local env

fecgov · Aug 28, 2019 · 6018542 · 6018542
1 parent 1faeb80
commit 6018542
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/fec/fec/middleware.py b/fec/fec/middleware.py
@@ -14,13 +14,13 @@ def process_response(self, request, response):
         content_security_policy = {
             "default-src": "'self' *.fec.gov *.app.cloud.gov https://www.google-analytics.com",
             "frame-src": "'self' https://www.google.com/recaptcha/",
-            "img-src": "'self' data: http://*.fastly.net https://www.google-analytics.com",
+            "img-src": "'self' data: https://*.ssl.fastly.net https://www.google-analytics.com",
             "script-src": "'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://polyfill.io https://dap.digitalgov.gov",
             "style-src": "'self' data: 'unsafe-inline'",
             "object-src": "'none'",
             "report-uri": REPORT_URI,
         }
-        if settings.FEC_CMS_ENVIRONMENT == settings.ENVIRONMENTS.get('local'):
+        if settings.FEC_CMS_ENVIRONMENT == 'LOCAL':
             content_security_policy["default-src"] += " localhost:* http://127.0.0.1:*"
 
         response["Content-Security-Policy"] = "".join(