Talisman fixes

2026-03-01 00:08:59 +01:00
parent 42d20afb3b
commit 893c444000
10 changed files with 12 additions and 10 deletions
--- a/backend/app.py
+++ b/backend/app.py
@@ -103,7 +103,9 @@ def create_app():
    }
    Talisman(
        app,
-        force_https=is_https,
+        # HTTPS redirect hoort in nginx, NIET hier.
        # Talisman zou anders redirecten naar het interne Docker adres (127.0.0.1:5000).
        force_https=False,
        strict_transport_security=is_https,
        strict_transport_security_max_age=31536000,
        strict_transport_security_include_subdomains=True,
--- a/backend/templates/admin.html
+++ b/backend/templates/admin.html
@@ -322,7 +322,7 @@
 <div class="notification" id="notification"></div>
-<script>
+<script nonce="{{ csp_nonce() }}">
 document.addEventListener('DOMContentLoaded', async () => {
    await loadStats();
    await loadSgIct();
--- a/backend/templates/directeur.html
+++ b/backend/templates/directeur.html
@@ -348,7 +348,7 @@
 <div class="notification" id="notification"></div>
-<script>
+<script nonce="{{ csp_nonce() }}">
 let teachers     = [];
 let allGoals     = {};
 let vakData      = {};
--- a/backend/templates/doelen_beheer.html
+++ b/backend/templates/doelen_beheer.html
@@ -192,7 +192,7 @@
 </div>
 <div class="notification" id="notification"></div>
-<script>
+<script nonce="{{ csp_nonce() }}">
 document.addEventListener('DOMContentLoaded', () => {
    loadDoelen();
    switchUploadTab('xlsx');
--- a/backend/templates/leerkracht.html
+++ b/backend/templates/leerkracht.html
@@ -351,7 +351,7 @@
 <div class="notification" id="notification"></div>
-<script>
+<script nonce="{{ csp_nonce() }}">
 // ── State ────────────────────────────────────────────────────────────────────
 let currentUser   = null;
 let currentVakId  = null;
--- a/backend/templates/login.html
+++ b/backend/templates/login.html
@@ -311,7 +311,7 @@
        </div>
    </div>
-    <script>
+    <script nonce="{{ csp_nonce() }}">
        let saVisible = false;
        function toggleSuperadmin() {
--- a/backend/templates/scholengroep_ict.html
+++ b/backend/templates/scholengroep_ict.html
@@ -332,7 +332,7 @@
 <div class="notification" id="notification"></div>
-<script>
+<script nonce="{{ csp_nonce() }}">
 const IS_SUPERADMIN = {{ 'true' if is_superadmin else 'false' }};
 let schools = [];
--- a/backend/templates/school_ict.html
+++ b/backend/templates/school_ict.html
@@ -319,7 +319,7 @@
 <div class="notification" id="notification"></div>
-<script>
+<script nonce="{{ csp_nonce() }}">
 let mySchoolId = null;
 const ROLLEN = [
--- a/backend/templates/setup.html
+++ b/backend/templates/setup.html
@@ -254,7 +254,7 @@
        </form>
    </div>
-    <script>
+    <script nonce="{{ csp_nonce() }}">
        document.getElementById('setupForm').addEventListener('submit', async (e) => {
            e.preventDefault();
            const errorEl = document.getElementById('error-msg');
--- a/backend/templates/superadmin_login.html
+++ b/backend/templates/superadmin_login.html
@@ -243,7 +243,7 @@
        <a href="/auth/login" class="back-link">← Terug naar normale loginpagina</a>
    </div>
-    <script>
+    <script nonce="{{ csp_nonce() }}">
        document.getElementById('password').addEventListener('keydown', e => {
            if (e.key === 'Enter') doLogin();
        });