Skip to content

Commit

Permalink
Comment out GovukContentSecurityPolicy
Browse files Browse the repository at this point in the history 
GOV.UK hadn't intended for this app to have the GOV.UK Content Security
Policy yet, with us first planning to roll out this to frontend app. It
looks like this was added as part of an outsourced Rails update [1],
where the dev couldn't have known about our nuanced context.

As this is an app that doesn't receive a lot of developer attention I'm
disabling this as I don't want breaking changes to the CSP [2] to end up
in this app.

[1]: #815
[2]: alphagov/govuk_app_config#279
  • Loading branch information
@kevindew
kevindew committed Jan 24, 2023
1 parent 9aec88f commit 3a2a471
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion config/initializers/content_security_policy.rb
View file
Original file line number Diff line number Diff line change
@@ -1 +1,6 @@
GovukContentSecurityPolicy.configure
# Eventually we'll want to use the GOV.UK Content Security Policy in this app,
# however as of January 2023 we're scoping it to only frontend apps
#
# For more info on the GOV.UK CSP see: https://docs.publishing.service.gov.uk/manual/content-security-policy.html
#
# GovukContentSecurityPolicy.configure

0 comments on commit 3a2a471

Please sign in to comment.