For now, allow unsafe-eval for Pagure...

https://pagure.io/pagure/issue/3220 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-05-10 10:50:45 +02:00 · 2018-05-10 10:50:45 +02:00 · a70160edf7
commit a70160edf7
parent 8b561f12a6
1 changed files with 1 additions and 1 deletions
--- a/roles/pagure/frontend/templates/securityheaders.conf
+++ b/roles/pagure/frontend/templates/securityheaders.conf
@ -2,4 +2,4 @@ Header always set X-Frame-Options "ALLOW-FROM https://pagure.io/"
 Header always set X-Xss-Protection "1; mode=block"
 Header always set X-Content-Type-Options "nosniff"
 Header always set Referrer-Policy "same-origin"
-Header always set Content-Security-Policy "default-src 'self' https:; script-src 'self' 'unsafe-inline' https://apps.fedoraproject.org; style-src 'self' 'unsafe-inline' https://apps.fedoraproject.org"
+Header always set Content-Security-Policy "default-src 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://apps.fedoraproject.org; style-src 'self' 'unsafe-inline' https://apps.fedoraproject.org"