Skip to content

Commit

Permalink
Comment out GovukContentSecurityPolicy
Browse files Browse the repository at this point in the history 
GOV.UK hadn't intended for this app to have the GOV.UK Content Security
Policy yet, with us first planning to roll out this to frontend app. It
looks like this was added as part of an outsourced Rails update [1],
where the dev couldn't have known about our nuanced context.

As this is an app that doesn't receive a lot of developer attention I'm
disabling this as I don't want breaking changes to the CSP [2] to end up
in this app.

[1]: #815
[2]:alphagov/govuk_app_config#279
  • Loading branch information
@kevindew
kevindew committed Jan 24, 2023
1 parent 8a558de commit 82d1ba4
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion config/initializers/content_security_policy.rb
View file
Original file line number Diff line number Diff line change
@@ -1 +1,6 @@
GovukContentSecurityPolicy.configure
# Evenatually we'll want to use the GOV.UK Content Security Policy in this app,
# however as of now (January 2023) we're scoping this to frontend apps
#
# More info: https://docs.publishing.service.gov.uk/manual/content-security-policy.html
#
# GovukContentSecurityPolicy.configure

0 comments on commit 82d1ba4

Please sign in to comment.