content_security_policy.yml.example
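# This file allows further customization of the Content Security Policy (CSP).
# All settings will be applied **in addition** to the application CSP.
# Additional keys can be added if required.
# Default directives are defined here: `initializers/content_security_policy.rb`.
#
# Every origin listed here widens what the browser is allowed to load or
# connect to, so list only origins you operate or explicitly trust.
# The hosts below belong to this example; presumably they should be replaced
# with the hosts of your own deployment (confirm before copying).
default: &default
  # Allow the S3 service hosted by the openHPI Cloud to be used for images.
  # The `*.` entries match any subdomain of the bucket host; they are
  # scoped to `img_src` only and are not added to any other directive here.
  img_src:
    - https://s3.xopic.de
    - https://*.s3.xopic.de
    - https://s3.openhpicloud.de
    - https://*.s3.openhpicloud.de
  # Webkit didn't consider the WSS scheme as part of 'self', adding it explicitly
  # See https://bugs.webkit.org/show_bug.cgi?id=235873
  connect_src:
    - wss://codeocean.openhpi.de
    # Enable the StackExchange API for Flowr
    # - https://api.stackexchange.com
  # Optionally: Specify a custom, non-Sentry URL for reporting CSP violations.
  # For Sentry, set the `SENTRY_CSP_REPORT_URL` environment variable.
  # While the key below stays commented out, this file configures no
  # report endpoint of its own.
  # report_uri: https://example.com/csp-report

development:
  <<: *default
  # Allow the webpack-dev-server in development.
  # NOTE: `<<` is a shallow merge, so this `connect_src` replaces the list
  # from `default` instead of extending it; the wss:// entry above is not
  # part of the development settings.
  # The plaintext http:// and ws:// origins are defined only in this
  # section; `production` and `test` merge `default` alone.
  connect_src:
    - http://localhost:3035
    - ws://localhost:3035

production:
  <<: *default

test:
  <<: *default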