implement content-security-policy, static assets cache bust, and fix

stripe back button ratchet issue because the only way to use stripe checkout is to run their proprietary JS, and we arent using a SPA, naturally what happens is, when you land on the stripe payment page if you hit the back button it goes back to the same page where you got re-directed to stripe. this commit fixes that.
2020-05-22 15:20:26 -05:00
parent 5a080fe1c5
commit 672ff49d6d
13 changed files with 202 additions and 65 deletions
--- a/capsulflask/console.py
+++ b/capsulflask/console.py
@ -217,12 +217,13 @@ def ssh_public_keys():
      if method == "POST":
        parts = re.split(" +", request.form["content"])
        if len(parts) > 2 and len(parts[2].strip()) > 0:
-          name = parts[2]
+          name = parts[2].strip()
        else:
-          name = parts[0]
+          name = parts[0].strip()
      else:
        errors.append("Name is required")
-    if not re.match(r"^[0-9A-Za-z_@\. -]+$", name):
+    if not re.match(r"^[0-9A-Za-z_@. -]+$", name):
+      print(name)
      errors.append("Name must match \"^[0-9A-Za-z_@. -]+$\"")

    if method == "POST":
@ -231,7 +232,7 @@ def ssh_public_keys():
        errors.append("Content is required")
      else:
        content = content.replace("\r", "").replace("\n", "")
-        if not re.match(r"^(ssh|ecdsa)-[0-9A-Za-z+/_=@\. -]+$", content):
+        if not re.match(r"^(ssh|ecdsa)-[0-9A-Za-z+/_=@. -]+$", content):
          errors.append("Content must match \"^(ssh|ecdsa)-[0-9A-Za-z+/_=@. -]+$\"")

      if get_model().ssh_public_key_name_exists(session["account"], name):