Mercurial > public > mercurial-scm > hg-stable
comparison mercurial/hgweb/request.py @ 37828:3e3acf5d6a07 stable
hgweb: allow Content-Security-Policy header on 304 responses (issue5844)
A side-effect of 98baf8dea553 was that the Content-Security-Policy
header was set on all HTTP responses by default. This header wasn't
in our list of allowed headers for HTTP 304 responses. This would
trigger a ProgrammingError when a 304 response was issued via hgwebdir.
This commit adds Content-Security-Policy to the allow list of headers
for 304 responses so we no longer encounter the error.
Differential Revision: https://phab.mercurial-scm.org/D3436
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Mon, 30 Apr 2018 17:28:59 -0700 |
| parents | e82b137a8b4e |
| children | 6107d4549fcc |
comparison
equal
deleted
inserted
replaced
| 37827:11ee9bf24791 | 37828:3e3acf5d6a07 |
|---|---|
| 471 # problems, let's be strict. | 471 # problems, let's be strict. |
| 472 badheaders = {k for k in self.headers.keys() | 472 badheaders = {k for k in self.headers.keys() |
| 473 if k.lower() not in ('date', 'etag', 'expires', | 473 if k.lower() not in ('date', 'etag', 'expires', |
| 474 'cache-control', | 474 'cache-control', |
| 475 'content-location', | 475 'content-location', |
| 476 'content-security-policy', | |
| 476 'vary')} | 477 'vary')} |
| 477 if badheaders: | 478 if badheaders: |
| 478 raise error.ProgrammingError( | 479 raise error.ProgrammingError( |
| 479 'illegal header on 304 response: %s' % | 480 'illegal header on 304 response: %s' % |
| 480 ', '.join(sorted(badheaders))) | 481 ', '.join(sorted(badheaders))) |