Issue #2828 - Changes the concatenation from + to join

karlcow · karlcow · commit cba11936476c · 2019-03-28T10:31:23.000+09:00
This was initially triggered by pycodestyle W504. It kinds of force you to choose your style in between W503 and W504. Breaking before binary operators or after. To avoid it altogether, I switched to ''.join() which is more effective anyway in performance. https://wiki.python.org/moin/PythonSpeed/PerformanceTips#String_Concatenation
diff --git a/webcompat/helpers.py b/webcompat/helpers.py
@@ -501,19 +501,20 @@ def add_csp(response):
     This should be used in @app.after_request to ensure the header is
     added to all responses.
     """
-    response.headers['Content-Security-Policy'] = (
-        "default-src 'self'; " +
-        "object-src 'none'; " +
-        "connect-src 'self' https://api.github.com; " +
-        "font-src 'self' https://fonts.gstatic.com; " +
-        get_img_src_policy() +
-        "manifest-src 'self'; " +
-        "script-src 'self' https://www.google-analytics.com https://api.github.com 'nonce-{nonce}'; ".format(nonce=request.nonce) +  # noqa
-        "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; " +
-        "base-uri 'self'; " +
-        "frame-ancestors 'self'; " +
+    csp_params = [
+        "default-src 'self'; ",
+        "object-src 'none'; ",
+        "connect-src 'self' https://api.github.com; ",
+        "font-src 'self' https://fonts.gstatic.com; ",
+        get_img_src_policy(),
+        "manifest-src 'self'; ",
+        "script-src 'self' https://www.google-analytics.com https://api.github.com 'nonce-{nonce}'; ".format(nonce=request.nonce),  # noqa
+        "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; ",
+        "base-uri 'self'; ",
+        "frame-ancestors 'self'; ",
         "report-uri /csp-report"
-    )
+    ]
+    response.headers['Content-Security-Policy'] = (''.join(csp_params))
 
 
 def cache_policy(private=True, uri_max_age=86400, must_revalidate=False):
