Merge branch 'master' into typofix

google · Feb 22, 2019 · b33398d · b33398d
2 parents 787cb1e + 1efd27a
commit b33398d
Show file tree

Hide file tree

Showing 7 changed files with 42 additions and 40 deletions.
diff --git a/requirements.gae b/requirements.gae
@@ -1,3 +1,3 @@
 # AppEngine edition requirements file
 GoogleAppEngineCloudStorageClient
-MySQL-python
+PyMySQL
diff --git a/scoreboard/config_defaults.py b/scoreboard/config_defaults.py
@@ -16,33 +16,33 @@
 
 
 class Defaults(object):
-        ATTACHMENT_BACKEND = 'file://attachments'
-        COUNT_QUERIES = False
-        CSP_POLICY = None
-        CWD = os.path.dirname(os.path.realpath(__file__))
-        DEBUG = False
-        EXTEND_CSP_POLICY = None
-        ERROR_404_HELP = False
-        FIRST_BLOOD = 0
-        GAME_TIME = (None, None)
-        INVITE_KEY = None
-        LOGIN_METHOD = 'local'
-        MAIL_FROM = None
-        MAIL_FROM_NAME = None
-        MAIL_HOST = 'localhost'
-        NEWS_POLL_INTERVAL = 60000
-        PROOF_OF_WORK_BITS = 0
-        RULES = '/rules'
-        SCOREBOARD_ZEROS = True
-        SCORING = 'plain'
-        SECRET_KEY = None
-        TEAM_SECRET_KEY = None
-        SESSION_COOKIE_HTTPONLY = True
-        SESSION_COOKIE_SECURE = True
-        SQLALCHEMY_TRACK_MODIFICATIONS = True
-        SESSION_EXPIRATION_SECONDS = 60 * 60
-        SYSTEM_NAME = 'root'
-        TEAMS = True
-        TEASE_HIDDEN = True
-        TITLE = 'Scoreboard'
-        SUBMIT_AFTER_END = True
+    ATTACHMENT_BACKEND = 'file://attachments'
+    COUNT_QUERIES = False
+    CSP_POLICY = None
+    CWD = os.path.dirname(os.path.realpath(__file__))
+    DEBUG = False
+    EXTEND_CSP_POLICY = None
+    ERROR_404_HELP = False
+    FIRST_BLOOD = 0
+    GAME_TIME = (None, None)
+    INVITE_KEY = None
+    LOGIN_METHOD = 'local'
+    MAIL_FROM = None
+    MAIL_FROM_NAME = None
+    MAIL_HOST = 'localhost'
+    NEWS_POLL_INTERVAL = 60000
+    PROOF_OF_WORK_BITS = 0
+    RULES = '/rules'
+    SCOREBOARD_ZEROS = True
+    SCORING = 'plain'
+    SECRET_KEY = None
+    TEAM_SECRET_KEY = None
+    SESSION_COOKIE_HTTPONLY = True
+    SESSION_COOKIE_SECURE = True
+    SQLALCHEMY_TRACK_MODIFICATIONS = True
+    SESSION_EXPIRATION_SECONDS = 60 * 60
+    SYSTEM_NAME = 'root'
+    TEAMS = True
+    TEASE_HIDDEN = True
+    TITLE = 'Scoreboard'
+    SUBMIT_AFTER_END = True
diff --git a/scoreboard/context.py b/scoreboard/context.py
@@ -31,7 +31,6 @@
             "'self'",
             "'unsafe-eval'",  # Needed for Charts.js
         ],
-        'frame-ancestors': ["'none'"],
         'img-src': [
             "'self'",
             'data:',
@@ -99,8 +98,8 @@ def load_globals():
 def add_headers(response):
     """Add security-related headers to all outgoing responses."""
     h = response.headers
-    h.add('Content-Security-Policy', get_csp_policy())
-    h.add('X-Frame-Options', 'DENY')
+    h.setdefault('Content-Security-Policy', get_csp_policy())
+    h.setdefault('X-Frame-Options', 'DENY')
     h.add('X-XSS-Protection', '1', mode='block')
     return response
 

diff --git a/scoreboard/models.py b/scoreboard/models.py
@@ -291,7 +291,7 @@ def __repr__(self):
         return '<Tag: %s/%s>' % (self.tagslug, self.name)
 
     def slugify(self):
-        self.tagslug = '-'.join(w.lower() for w in re.split('\W+', self.name))
+        self.tagslug = '-'.join(w.lower() for w in re.split(r'\W+', self.name))
 
     @classmethod
     def create(cls, name, description):

diff --git a/scoreboard/rest.py b/scoreboard/rest.py
@@ -137,8 +137,8 @@ def put(self, user_id):
         try:
             models.commit()
         except AssertionError:
-                raise errors.ValidationError(
-                        'Error in updating user.  Details are logged.')
+            raise errors.ValidationError(
+                    'Error in updating user.  Details are logged.')
         return user
 
 

diff --git a/scoreboard/views.py b/scoreboard/views.py
@@ -59,7 +59,10 @@ def render_index():
                 os.path.join(app.static_folder, 'js/app.min.js'))
         tmpl = flask.render_template('index.html', minify=minify)
         _VIEW_CACHE['index'] = tmpl
-    return flask.make_response(tmpl, 200)
+    resp = flask.make_response(tmpl, 200)
+    if flask.request.path.startswith('/scoreboard'):
+        resp.headers.add('X-FRAME-OPTIONS', 'ALLOW')
+    return resp
 
 
 @app.route('/attachment/<filename>')

diff --git a/templates/base.html b/templates/base.html
@@ -50,7 +50,7 @@
       </header>
       <div class='container full-height'>
         <div class='row full-height'>
-          <div class='col-md-3 left-sidebar full-height'>
+          <div class='col-md-3 col-sm-3 left-sidebar full-height hidden-xs'>
               <div class='left-sidebar-background full-height'></div>
               <!-- TODO: Admin only -->
               <div id='admin-links' class='list-group ng-hide admin-links'
@@ -84,7 +84,7 @@
                 </ul>
               </div>
           </div>
-          <div class='col-md-9'>
+          <div class='col-md-9 col-sm-9'>
             <!-- TODO: title -->
             <h2></h2>
             {%- endraw %}