Only process extra_csp_directives if set

Author: manisandro

src/qwc2_viewer.py

@@ -214,9 +214,10 @@ def qwc2_index(self, identity, params, request_url):
             "script-src": "'nonce-%s' 'strict-dynamic' 'wasm-unsafe-eval'" % nonce,
             # "style-src 'nonce-%s'" % nonce # TODO
         }
-        for extra_csp in filter(bool, self.extra_csp_directives.split(";")):
-            parts = extra_csp.strip().split(" ", 1)
-            csp[parts[0]] = (csp.get(parts[0], "") + " " + parts[1]).strip()
+        if self.extra_csp_directives:
+            for extra_csp in filter(bool, self.extra_csp_directives.split(";")):
+                parts = extra_csp.strip().split(" ", 1)
+                csp[parts[0]] = (csp.get(parts[0], "") + " " + parts[1]).strip()
 
         csp = "; ".join(list(map(lambda t: " ".join(t), csp.items()))) + ";"
         viewer_index = viewer_index.replace('<head>', '<head>\n<meta http-equiv="Content-Security-Policy" content="%s">' % csp)