diff --git a/piccolo_api/csp/middleware.py b/piccolo_api/csp/middleware.py
index 7e53ab7..d4cb537 100644
--- a/piccolo_api/csp/middleware.py
+++ b/piccolo_api/csp/middleware.py
@@ -29,7 +29,7 @@ async def wrapped_send(message: Message):
 if message["type"] == "http.response.start":
 headers = message.get("headers", [])
 header_value = bytes(
- f"default-src: '{self.config.default_src}'", "utf8"
+ f"default-src '{self.config.default_src}'", "utf8"
 )
 if self.config.report_uri:
 header_value = (
diff --git a/tests/csp/test_csp.py b/tests/csp/test_csp.py
index b944e37..b35557d 100644
--- a/tests/csp/test_csp.py
+++ b/tests/csp/test_csp.py
@@ -36,7 +36,7 @@ def test_headers(self):
 # Make sure the headers got added:
 self.assertEqual(
 response.headers["content-security-policy"],
- "default-src: 'self'",
+ "default-src 'self'",
 )
 # Make sure the original headers are still intact:
@@ -53,7 +53,7 @@ def test_default_src(self):
 self.assertEqual(
 response.headers.get("content-security-policy"),
- "default-src: 'none'",
+ "default-src 'none'",
 )
 def test_report_uri(self):
@@ -66,5 +66,5 @@ def test_report_uri(self):
 self.assertEqual(
 response.headers["content-security-policy"],
- "default-src: 'self'; report-uri foo.com",
+ "default-src 'self'; report-uri foo.com",
 )
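Review bot: In the `wrapped_send` hunk of piccolo_api/csp/middleware.py, `self.config.default_src` is still interpolated between single quotes with no check on its content, so only a CSP keyword such as `self` or `none` yields a valid source expression; a host or scheme source would be emitted quoted and, as far as the CSP grammar goes, would not be matched as that host. A value containing `'`, `;` or `,` would also change the shape of the policy, since `;` starts a new directive and `,` a new policy. I would document the constraint next to the f-string, e.g. `# default_src must be a bare CSP keyword (self, none, ...); it is emitted inside single quotes`, and reject other values where the config is built, which is not visible here. `wrapped_send` starts and ends outside the hunk.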
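Review bot: In the `test_report_uri` hunk of tests/csp/test_csp.py the expected header carries `report-uri foo.com`, a value with no scheme, which a browser resolves as a relative reference against the page's own origin rather than as the host foo.com. The test therefore pins a policy whose violation reports would probably not reach the intended collector. An absolute URL in the fixture, e.g. `"default-src 'self'; report-uri https://foo.com/csp-report"` (constructed sample), would make the test reflect a working configuration. The config value set in the test body is outside the hunk, so it would need the same change.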