Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Configure Content-Security-Policy for datagrepper, for the future.

Browse source
This commit is contained in:
Ralph Bean 2017-06-01 03:42:42 +00:00
parent cc0a37c9d9
commit 049effe2e2
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
roles/datagrepper/templates/datagrepper-fedmsg.py
View file

@ -17,4 +17,8 @@ config = {
'fedmenu_url': 'https://apps.fedoraproject.org/fedmenu',
'fedmenu_data_url': 'https://apps.fedoraproject.org/js/data.js',
{% endif %}
# Only allow ajax/websockets connections back to our domains.
# https://github.com/fedora-infra/datagrepper/pull/192
'content_security_policy': 'connect-src https://*.fedoraproject.org wss://*.fedoraproject.org'
}