Fix CSP advices

a5397289 · Thomas Löffler · 9a7253ca · a5397289
Commit a5397289 authored Nov 22, 2019 by Thomas Löffler
--- a/extensions/t3omy/Configuration/TypoScript/main.txt
+++ b/extensions/t3omy/Configuration/TypoScript/main.txt
@@ -26,9 +26,9 @@ config.tx_realurl_enable = 1
 [applicationContext = Production/Live]
 config.additionalHeaders {
  10.header = X-Powered-By: nothing
-  20.header = Content-Security-Policy: default-src 'self' typo3.azureedge.net *.typo3.org; script-src 'unsafe-inline' *.typo3.org; font-src 'self' *.typo3.org fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: *.typo3.org www.gravatar.com avatars.slack-edge.com
-  30.header = X-Content-Security-Policy: default-src 'self' typo3.azureedge.net *.typo3.org; script-src 'unsafe-inline' *.typo3.org; font-src 'self' *.typo3.org fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: *.typo3.org www.gravatar.com avatars.slack-edge.com
-  40.header = X-Webkit-CSP: default-src 'self' typo3.azureedge.net *.typo3.org; script-src 'unsafe-inline' *.typo3.org; font-src 'self' *.typo3.org fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: *.typo3.org www.gravatar.com avatars.slack-edge.com
+  20.header = Content-Security-Policy: default-src 'self' *.typo3.org; script-src 'unsafe-inline' typo3.azureedge.net *.typo3.org; font-src 'self' *.typo3.org fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: *.typo3.org www.gravatar.com avatars.slack-edge.com
+  30.header = X-Content-Security-Policy: default-src 'self' *.typo3.org; script-src 'unsafe-inline' typo3.azureedge.net *.typo3.org; font-src 'self' *.typo3.org fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: *.typo3.org www.gravatar.com avatars.slack-edge.com
+  40.header = X-Webkit-CSP: default-src 'self' *.typo3.org; script-src 'unsafe-inline' typo3.azureedge.net *.typo3.org; font-src 'self' *.typo3.org fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: *.typo3.org www.gravatar.com avatars.slack-edge.com
 }