Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Laurent S
erp5
Commits
c727c78a
Commit
c727c78a
authored
Sep 04, 2014
by
Sven Franck
Committed by
Sebastien Robin
Sep 09, 2014
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
erp5_web_renderjs_ui: set CSP back to default
parent
07d31edc
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
2 additions
and
4 deletions
+2
-4
bt5/erp5_web_renderjs_ui/SkinTemplateItem/portal_skins/erp5_web_renderjs_ui/WebPage_viewAsGadget.xml
...ortal_skins/erp5_web_renderjs_ui/WebPage_viewAsGadget.xml
+1
-3
bt5/erp5_web_renderjs_ui/bt/revision
bt5/erp5_web_renderjs_ui/bt/revision
+1
-1
No files found.
bt5/erp5_web_renderjs_ui/SkinTemplateItem/portal_skins/erp5_web_renderjs_ui/WebPage_viewAsGadget.xml
View file @
c727c78a
...
@@ -68,9 +68,7 @@ response.setHeader("X-Frame-Options", "SAMEORIGIN")\n
...
@@ -68,9 +68,7 @@ response.setHeader("X-Frame-Options", "SAMEORIGIN")\n
response.setHeader("X-Content-Type-Options", "nosniff")\n
response.setHeader("X-Content-Type-Options", "nosniff")\n
\n
\n
# Only fetch code (html, js, css, image) and data from this ERP5, to prevent any data leak as the web site do not control the gadget\'s code\n
# Only fetch code (html, js, css, image) and data from this ERP5, to prevent any data leak as the web site do not control the gadget\'s code\n
# XXX: allow openstreetmap\n
response.setHeader("Content-Security-Policy", "default-src \'none\'; img-src \'self\' data:; media-src \'self\'; connect-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\' data:; frame-src \'self\' data:")\n
# response.setHeader("Content-Security-Policy", "default-src \'none\'; img-src \'self\' data:; media-src \'self\'; connect-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\' data:; frame-src \'self\' data:")\n
response.setHeader("Content-Security-Policy", "default-src \'none\'; img-src \'self\' https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org data:; media-src \'self\'; connect-src \'self\' https://nominatim.openstreetmap.org ; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\' data:; frame-src \'self\' data:")\n
\n
\n
\n
\n
response.setHeader(\'Content-Type\', \'text/html\')\n
response.setHeader(\'Content-Type\', \'text/html\')\n
...
...
bt5/erp5_web_renderjs_ui/bt/revision
View file @
c727c78a
63
64
\ No newline at end of file
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment