From 0a673424903c4ee652ac9fd51f5890c55263e0bc Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Thu, 3 May 2018 17:32:48 +0200 Subject: [PATCH] Also allow 'self' for pagure resources Signed-off-by: Patrick Uiterwijk --- roles/pagure/frontend/templates/securityheaders.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pagure/frontend/templates/securityheaders.conf b/roles/pagure/frontend/templates/securityheaders.conf index 03cd39a2a1..057385f09e 100644 --- a/roles/pagure/frontend/templates/securityheaders.conf +++ b/roles/pagure/frontend/templates/securityheaders.conf @@ -2,4 +2,4 @@ Header always set X-Frame-Options "ALLOW-FROM https://pagure.io/" Header always set X-Xss-Protection "1; mode=block" Header always set X-Content-Type-Options "nosniff" Header always set Referrer-Policy "same-origin" -Header always set Content-Security-Policy "default-src https:; script-src 'self' 'unsafe-inline' https://apps.fedoraproject.org" +Header always set Content-Security-Policy "default-src 'self' https:; script-src 'self' 'unsafe-inline' https://apps.fedoraproject.org"