When I run this Flask app in dev mode (app.run), the route('/counties') works well and returns an array of JSONs. However, when I use a production server (waitress), Content-Security-Policy (CSP) blocks the route from loading the data.
Message I get: Content Security Policy: The page’s settings blocked the loading of a resource at http://localhost:5000/ (“default-src”).
What policy do I need to set on my CSP header to prevent this from happening? Or is there anything I need to do? Thank you
```python
from flask import Flask, jsonify, make_response

app = Flask(__name__)


@app.route('/counties', methods=['GET'])
def get_counties():
    # `sql` is a module-level object defined elsewhere (not shown in the post).
    global sql
    try:
        counties = sql.get_counties()
        return make_response(jsonify({'data': counties}), 200)
    except Exception:
        return make_response(jsonify({'request': {}}), 500)


@app.after_request
def add_header(response):
    # Runs on every response the app returns.
    response.headers['Access-Control-Allow-Headers'] = '*'
    response.headers['Access-Control-Allow-Origin'] = '*'
    response.headers['Content-Security-Policy'] = "default-src 'self';"
    return response
```
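
How a browser evaluates the policy in the post for a script-initiated request (fetch/XHR), as an added example that is not part of the original post. The page origin `http://localhost:8080/` and the `connect-src` value are constructed for illustration, and source matching is simplified to `'self'` and plain `scheme://host:port` sources.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}

# Constructed sample values (assumptions, not taken from the poster's deployment).
PAGE = "http://localhost:8080/"          # origin the page is served from
API = "http://localhost:5000/counties"   # URL the page's script requests
POSTED_POLICY = "default-src 'self';"    # header value from the question
WIDENED_POLICY = "default-src 'self'; connect-src 'self' http://localhost:5000"

def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    p = urlsplit(url)
    return p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme)

def matches_self(document_url, request_url):
    """CSP 'self': same host and port, same scheme or an upgrade to a secure one."""
    (ds, dh, dp), (rs, rh, rp) = origin(document_url), origin(request_url)
    if dh != rh:
        return False  # localhost and 127.0.0.1 are different hosts to the browser
    both_default = dp == DEFAULT_PORTS.get(ds) and rp == DEFAULT_PORTS.get(rs)
    if dp != rp and not both_default:
        return False
    return ds == rs or rs in ("https", "wss") or (ds == "http" and rs == "ws")

def parse_policy(policy):
    """Split a CSP header value into {directive: [source expressions]}."""
    directives = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def fetch_allowed(policy, document_url, request_url):
    """Would fetch()/XHR from document_url to request_url pass this policy?"""
    directives = parse_policy(policy)
    # connect-src governs fetch/XHR; when it is absent, default-src is the fallback.
    sources = directives.get("connect-src", directives.get("default-src"))
    if sources is None:
        return True  # no applicable directive, so nothing is restricted
    for src in sources:
        if src == "'self'" and matches_self(document_url, request_url):
            return True
        if "://" in src and origin(src) == origin(request_url):
            return True
    return False
```

The policy is enforced against the origin of the document that makes the request, so comparing the address bar's scheme, host and port with the URL in the browser's CSP message shows which of these cases applies.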