infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

Also allow 'self' for pagure resources

Browse source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk 2018-05-03 17:32:48 +02:00
parent 676afa48ae
commit 0a67342490
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/pagure/frontend/templates/securityheaders.conf
View file

@ -2,4 +2,4 @@ Header always set X-Frame-Options "ALLOW-FROM https://pagure.io/"
Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "same-origin"
Header always set Content-Security-Policy "default-src https:; script-src 'self' 'unsafe-inline' https://apps.fedoraproject.org"
Header always set Content-Security-Policy "default-src 'self' https:; script-src 'self' 'unsafe-inline' https://apps.fedoraproject.org"