From ea0658e2ead5b1d22a18c36ff9eae6328b2787a8 Mon Sep 17 00:00:00 2001
From: Izalia Mae
Date: Sat, 16 Mar 2024 06:10:58 -0400
Subject: [PATCH] don't set csp header on /api routes
---
 relay/application.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/relay/application.py b/relay/application.py
index abe8258..e312692 100644
--- a/relay/application.py
+++ b/relay/application.py
@@ -333,7 +333,7 @@ async def handle_response_headers(request: web.Request, handler: Callable) -> Re
 resp.headers['Server'] = 'ActivityRelay'
 # Still have to figure out how csp headers work
- if resp.content_type == 'text/html':
+ if resp.content_type == 'text/html' and not request.path.startswith("/api"):
 resp.headers['Content-Security-Policy'] = get_csp(request)
 if not request.app['dev'] and request.path.endswith(('.css', '.js')):
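Review bot: The new exemption `not request.path.startswith("/api")` is a bare prefix test, so any HTML page whose path merely begins with those characters (a constructed example: `/apiary`) would also lose its Content-Security-Policy header. Matching on the path segment keeps the exemption to the API tree: `if resp.content_type == 'text/html' and not (request.path == '/api' or request.path.startswith('/api/')):`. Separately, an `/api` response that still comes back as `text/html` (presumably an error page) is now served with no CSP at all. If `get_csp(request)` cannot be used for those routes, sending a fixed restrictive policy such as `default-src 'none'` there would be safer than omitting the header. `handle_response_headers` starts and ends outside this hunk, so how `resp` is produced is not visible here.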