Skip to content

Commit cdbb56d

Browse files
chriskarichriskari
authored
fix: csp report only to see which URLs will be blocked when using joule (#4417)
1 parent ddd4d9b commit cdbb56d

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

nginx/nginx.conf

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ http {
3838
root /app/core-ui;
3939

4040
add_header 'Cache-Control' 'public, max-age=300';
41-
add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://kcp-dev-joule-vfglrzqg.eu12.sapdas.cloud.sap 'sha256-7fF0zlMDaJyxa8K3gkd0Gnt657Obx/gdAct0hR/pdds=' 'sha256-bjOtDHhqB+wVlyFDAxz9e0RvTn+EEec/Z4mpjUjNvAs=' blob:; frame-src 'self' https://kcp-dev-joule-vfglrzqg.eu12.sapdas.cloud.sap; style-src 'self' 'unsafe-inline'; connect-src 'self' * https://* wss://*; font-src 'self' data:; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; worker-src 'self' blob: data:;";
41+
add_header Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self' https://kcp-dev-joule-vfglrzqg.eu12.sapdas.cloud.sap 'sha256-7fF0zlMDaJyxa8K3gkd0Gnt657Obx/gdAct0hR/pdds=' 'sha256-bjOtDHhqB+wVlyFDAxz9e0RvTn+EEec/Z4mpjUjNvAs=' blob:; frame-src 'self' https://kcp-dev-joule-vfglrzqg.eu12.sapdas.cloud.sap; style-src 'self' 'unsafe-inline'; connect-src 'self' * https://* wss://*; font-src 'self' data:; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; worker-src 'self' blob: data:;";
4242
add_header X-Frame-Options 'DENY';
4343
add_header X-Content-Type-Options 'nosniff';
4444
add_header Strict-Transport-Security 'max-age=31536000';

0 commit comments

Comments
 (0)