fixing static paths to absolute, fixing csp script blueimp

foto_gallery/__init__.py

@@ -14,6 +14,7 @@ import os
 import re
 from PIL import Image, ExifTags, ImageOps
 from functools import partial
+from flask_csp.csp import csp_header, csp_default
 
 cfg = Config("config.cfg")
 
@@ -36,6 +37,9 @@ app.logger.info('flatpages loaded %d pages' % len(flatpages._pages))
 app.logger.info("Data directory is: %s" % flatpages.root)
 app.logger.info("Url prefix;: %s" % cfg.url_prefix)
 
+csp_d=csp_default()
+csp_d.update({'default-src':"'self' 'unsafe-inline'", 'script-src': "'unsafe-inline' 'self'"})
+
 
 
 freezer = Freezer(app)
@@ -83,6 +87,7 @@ def thumb(size=64,name=''):
 
 @page_blueprint.route('/<path:name>/',strict_slashes=False)
 @page_blueprint.route('/')
+@csp_header()
 def post(name=''):
     print("Post: %s" % name)
     page = flatpages.get(name)
@@ -98,12 +103,16 @@ def post(name=''):
         return send_from_directory(app.config["FLATPAGES_ROOT"],name)
     elif os.path.exists(os.path.join('static',name)):
         print("send from static dir %s" % name)
-        return send_from_directory('static',name)
+        return send_from_directory(os.path.abspath('static'),name)
     elif os.path.exists(os.path.join(cfg["fet_assets"],name)):
         return send_from_directory(cfg["fet_assets"],name)
+    elif os.path.exists(os.path.join("blueimp",name)):
+        return send_from_directory(os.path.abspath('blueimp'),name)
     else:
-        return send_from_directory('blueimp',name)
-
+        print("%s not found" % os.path.abspath(os.path.join('static',name)))
+        print("%s not found" % os.path.abspath(os.path.join(cfg["fet_assets"],name)))
+        
+        return abort(404)
 
 @api_blueprint.route('/<path:name>.json',strict_slashes=False)
 @api_blueprint.route('/.json',strict_slashes=False)