diff --git a/cl/settings/project/security.py b/cl/settings/project/security.py
index 0ecfbbc3aa..5d610312b2 100644
--- a/cl/settings/project/security.py
+++ b/cl/settings/project/security.py
@@ -85,9 +85,9 @@
"'self'",
f"https://{AWS_S3_CUSTOM_DOMAIN}/", # for embedded PDFs
"https://hcaptcha.com/",
- "https://*.hcaptcha.com",
+ "https://*.hcaptcha.com/",
"https://plausible.io/",
- "https://api.stripe.com",
+ "https://api.stripe.com/",
)
CSP_FONT_SRC = (
"'self'",
@@ -98,16 +98,16 @@
"'self'",
f"https://{AWS_S3_CUSTOM_DOMAIN}/", # for embedded PDFs
"https://hcaptcha.com/",
- "https://*.hcaptcha.com",
- "https://js.stripe.com",
- "https://hooks.stripe.com",
+ "https://*.hcaptcha.com/",
+ "https://js.stripe.com/",
+ "https://hooks.stripe.com/",
)
CSP_IMG_SRC = (
"'self'",
f"https://{AWS_S3_CUSTOM_DOMAIN}/",
- "https://portraits.free.law",
+ "https://portraits.free.law/",
"data:", # @tailwindcss/forms uses data URIs for images.
- "https://*.stripe.com",
+ "https://*.stripe.com/",
)
CSP_MEDIA_SRC = (
"'self'",
@@ -123,16 +123,16 @@
"'report-sample'",
f"https://{AWS_S3_CUSTOM_DOMAIN}/",
"https://hcaptcha.com/",
- "https://*.hcaptcha.com",
+ "https://*.hcaptcha.com/",
"https://plausible.io/",
- "https://js.stripe.com",
+ "https://js.stripe.com/",
)
CSP_STYLE_SRC = (
"'self'",
"'report-sample'",
f"https://{AWS_S3_CUSTOM_DOMAIN}/",
"https://hcaptcha.com/",
- "https://*.hcaptcha.com",
+ "https://*.hcaptcha.com/",
"'unsafe-inline'",
)
CSP_DEFAULT_SRC = (
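Review bot: `'report-sample'` stays in both tuples touched by this hunk (the one closing just before `CSP_STYLE_SRC`, and `CSP_STYLE_SRC` itself), but the last hunk of this file deletes `CSP_REPORT_URI = SENTRY_REPORT_URI` together with `CSP_REPORT_ONLY = True`. Unless a report endpoint is configured somewhere outside this diff, the policy becomes enforcing with no violation reports collected, so a blocked Stripe or hCaptcha resource would only show up as user-visible breakage. I would keep the two lines `if SENTRY_REPORT_URI:` / `CSP_REPORT_URI = SENTRY_REPORT_URI` and remove only `CSP_REPORT_ONLY = True`. Separately, the `'unsafe-inline'` entry in `CSP_STYLE_SRC` is now enforced as written and deserves a comment such as `# TODO: replace 'unsafe-inline' with nonces or hashes`. The tuple that opens this hunk starts outside it, so its directive name is not visible here.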
@@ -145,6 +145,3 @@
(DEVELOPMENT, TESTING)
): # Development and test aren’t used over HTTPS (yet)
CSP_UPGRADE_INSECURE_REQUESTS = True
-if SENTRY_REPORT_URI:
- CSP_REPORT_URI = SENTRY_REPORT_URI
-CSP_REPORT_ONLY = True
diff --git a/cl/visualizations/templates/new_visualization.html b/cl/visualizations/templates/new_visualization.html
index 7b76d08c82..e6d235bc48 100644
--- a/cl/visualizations/templates/new_visualization.html
+++ b/cl/visualizations/templates/new_visualization.html
@@ -12,7 +12,7 @@
-