feat: implement Content Security Policy and update dependencies in HTML template

gopavasanth · gopavasanth · commit a121eb4dacbd · 2026-02-22T22:02:14.000+05:30
diff --git a/app.py b/app.py
@@ -10,6 +10,20 @@
 app = Flask(__name__)
 CORS(app)  # Enable CORS for all routes
 
+CSP_POLICY = (
+    "default-src 'self'; "
+    "script-src 'self' 'unsafe-inline' https://tools-static.wmflabs.org; "
+    "style-src 'self' 'unsafe-inline' https://tools-static.wmflabs.org; "
+    "connect-src 'self' https://api.github.com; "
+    "img-src 'self' data:; "
+    "font-src 'self' https://tools-static.wmflabs.org data:"
+)
+
+@app.after_request
+def set_security_headers(response):
+    response.headers['Content-Security-Policy'] = CSP_POLICY
+    return response
+
 behaviour_switches = ['__NOTOC__', '__FORCETOC__', '__TOC__', '__NOEDITSECTION__', '__NEWSECTIONLINK__', '__NONEWSECTIONLINK__', '__NOGALLERY__', '__HIDDENCAT__', '__EXPECTUNUSEDCATEGORY__', '__NOCONTENTCONVERT__', '__NOCC__', '__NOTITLECONVERT__', '__NOTC__', '__START__', '__END__', '__INDEX__', '__NOINDEX__', '__STATICREDIRECT__', '__EXPECTUNUSEDTEMPLATE__', '__NOGLOBAL__', '__DISAMBIG__', '__EXPECTED_UNCONNECTED_PAGE__', '__ARCHIVEDTALK__', '__NOTALK__', '__EXPECTWITHOUTSCANS__']
 
 # --- Helper Functions for Processing Different Wikitext Elements ---
diff --git a/templates/home.html b/templates/home.html
@@ -6,12 +6,12 @@
     <title>Wikitext to Translatable Wikitext Converter</title>
     <link
       rel="stylesheet"
-      href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.0/css/bootstrap.min.css"
+      href="https://tools-static.wmflabs.org/cdnjs/ajax/libs/bootstrap/5.3.8/css/bootstrap.min.css"
     />
 
     <link
       rel="stylesheet"
-      href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/atom-one-light.min.css"
+      href="https://tools-static.wmflabs.org/cdnjs/ajax/libs/highlight.js/11.11.1/styles/atom-one-light.min.css"
     />
     <style>
       html,
@@ -140,8 +140,8 @@ <h5>Translatable Wikitext Output</h5>
     </div>
 
     <!-- Bootstrap JS and dependencies -->
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.0/js/bootstrap.bundle.min.js"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script>
+    <script src="https://tools-static.wmflabs.org/cdnjs/ajax/libs/bootstrap/5.3.8/js/bootstrap.bundle.min.js"></script>
+    <script src="https://tools-static.wmflabs.org/cdnjs/ajax/libs/highlight.js/11.11.1/highlight.min.js"></script>
     <script>
       hljs.highlightAll();
 
