From fb617aac46100840a6707055d7e48dafcb8491ff Mon Sep 17 00:00:00 2001 From: Kevin Dew Date: Tue, 24 Jan 2023 23:04:24 +0000 Subject: [PATCH] Comment out GovukContentSecurityPolicy GOV.UK hadn't intended for this app to have the GOV.UK Content Security Policy yet, with us first planning to roll out this to frontend app. It looks like this was added as part of an outsourced Rails update [1], where the dev couldn't have known about our nuanced context. As this is an app that doesn't receive a lot of developer attention I'm disabling this as I don't want breaking changes to the CSP [2] to end up in this app. [1]: https://github.com/alphagov/travel-advice-publisher/pull/919 [2]: https://github.com/alphagov/govuk_app_config/pull/279 --- config/initializers/content_security_policy.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index aa49407c8..c44bd929c 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -1 +1,6 @@ -GovukContentSecurityPolicy.configure +# Evenatually we'll want to use the GOV.UK Content Security Policy in this app, +# however as of now (January 2023) we're scoping this to frontend apps +# +# More info: https://docs.publishing.service.gov.uk/manual/content-security-policy.html +# +# GovukContentSecurityPolicy.configure
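Review bot: In the comment block added to config/initializers/content_security_policy.rb, "Evenatually" should read "Eventually", and the comment does not say what has to happen before the commented-out `GovukContentSecurityPolicy.configure` line is restored. After this hunk the initializer contains only comments, so it no longer configures a policy for the app. "As of now (January 2023)" will go stale with nothing to prompt a revisit. Suggest naming the condition for re-enabling in the comment, for example once the rollout to frontend apps is finished, or linking a tracking issue. The concern about breaking CSP changes from govuk_app_config, currently only in the commit message, would also be worth a line in the comment so the reason is visible to whoever next opens this file.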