Skip to content

Commit

Permalink
fix(web): 🐛 allow csp manifest-src
Browse files Browse the repository at this point in the history
  • Loading branch information
@collinbarrett
collinbarrett committed Jan 24, 2021
1 parent 4aa6845 commit 4be1823
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion reverse-proxy/conf.d.dev/default.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,6 @@ server {
rewrite ^/api/(.*)$ /$1 break;
proxy_pass http://api-docs:8080;
include location-includes/*;
add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' validator.swagger.io data:; style-src 'self' 'unsafe-inline';" always;
add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'none'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' validator.swagger.io data:;" always;
}
}
4 changes: 2 additions & 2 deletions reverse-proxy/conf.d/default.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,13 @@ server {
rewrite ^/api/(.*)$ /$1 break;
proxy_pass http://api-docs:8080;
include location-includes/*;
add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' validator.swagger.io data:; style-src 'self' 'unsafe-inline';" always;
add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'none'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' validator.swagger.io data:;" always;
}

location / {
proxy_pass http://web:80;
include location-includes/*;
add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self';" always;
add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'none'; connect-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; manifest-src 'self';" always;
}
}

Expand Down

0 comments on commit 4be1823

Please sign in to comment.