Commit 9a7253ca authored by Thomas Löffler's avatar Thomas Löffler
Browse files

Add typo3.azureedge.net to CSP

parent 1c84c068
Pipeline #8042 passed with stages
in 4 minutes and 6 seconds
......@@ -26,9 +26,9 @@ config.tx_realurl_enable = 1
[applicationContext = Production/Live]
config.additionalHeaders {
10.header = X-Powered-By: nothing
20.header = Content-Security-Policy: default-src 'self' *.typo3.org; script-src 'unsafe-inline' *.typo3.org; font-src 'self' *.typo3.org fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: *.typo3.org www.gravatar.com avatars.slack-edge.com
30.header = X-Content-Security-Policy: default-src 'self' *.typo3.org; script-src 'unsafe-inline' *.typo3.org; font-src 'self' *.typo3.org fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: *.typo3.org www.gravatar.com avatars.slack-edge.com
40.header = X-Webkit-CSP: default-src 'self' *.typo3.org; script-src 'unsafe-inline' *.typo3.org; font-src 'self' *.typo3.org fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: *.typo3.org www.gravatar.com avatars.slack-edge.com
20.header = Content-Security-Policy: default-src 'self' typo3.azureedge.net *.typo3.org; script-src 'unsafe-inline' *.typo3.org; font-src 'self' *.typo3.org fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: *.typo3.org www.gravatar.com avatars.slack-edge.com
30.header = X-Content-Security-Policy: default-src 'self' typo3.azureedge.net *.typo3.org; script-src 'unsafe-inline' *.typo3.org; font-src 'self' *.typo3.org fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: *.typo3.org www.gravatar.com avatars.slack-edge.com
40.header = X-Webkit-CSP: default-src 'self' typo3.azureedge.net *.typo3.org; script-src 'unsafe-inline' *.typo3.org; font-src 'self' *.typo3.org fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: *.typo3.org www.gravatar.com avatars.slack-edge.com
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment