spk-spar-checker update CSP Header

author Andreas Gerstenberg <gerstenberg@pixelpark.com>

Wed, 8 Nov 2017 09:33:11 +0000 (10:33 +0100)

committer Andreas Gerstenberg <gerstenberg@pixelpark.com>

Wed, 8 Nov 2017 09:33:11 +0000 (10:33 +0100)
author Andreas Gerstenberg <gerstenberg@pixelpark.com>
Wed, 8 Nov 2017 09:33:11 +0000 (10:33 +0100)
committer Andreas Gerstenberg <gerstenberg@pixelpark.com>
Wed, 8 Nov 2017 09:33:11 +0000 (10:33 +0100)
diff --git a/customer/spk-spar-checker/production.yaml b/customer/spk-spar-checker/production.yaml

index e9932ff0e0f242f28af315436c9e0f7291603aaf..db3d5dba477e252121483b47325697316867b056 100644 (file)
--- a/customer/spk-spar-checker/production.yaml
+++ b/customer/spk-spar-checker/production.yaml
@@ -42,7 +42,7 @@ infra::profile::apache::pp_vhosts:
        - 'always set X-Content-Type-Options "nosniff"'
        - 'always set Strict-Transport-Security: "max-age=15768001"'
        - 'always set Referrer-Policy "origin"'
-      - "set Content-Security-Policy \"default-src 'none'; connect-src 'self'; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
+      - "set Content-Security-Policy \"default-src 'none'; connect-src 'self' www.google-analytics.com; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
  
      aliases:
        - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api }
diff --git a/customer/spk-spar-checker/test.yaml b/customer/spk-spar-checker/test.yaml

index 19ce989390a3db0f686aa079b469cbd2cefbf906..a634e893d43351926032aa299964d2f3e3d3e707 100644 (file)
--- a/customer/spk-spar-checker/test.yaml
+++ b/customer/spk-spar-checker/test.yaml
@@ -50,7 +50,7 @@ infra::profile::apache::pp_vhosts:
        - 'always set X-Content-Type-Options "nosniff"'
        - 'always set Strict-Transport-Security: "max-age=15768001"'
        - 'always set Referrer-Policy "origin"'
-      - "set Content-Security-Policy \"default-src 'none'; connect-src 'self'; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
+      - "set Content-Security-Policy \"default-src 'none'; connect-src 'self' www.google-analytics.com; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
  
      aliases:
        - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api }
author	Andreas Gerstenberg <gerstenberg@pixelpark.com>
	Wed, 8 Nov 2017 09:33:11 +0000 (10:33 +0100)
committer	Andreas Gerstenberg <gerstenberg@pixelpark.com>
	Wed, 8 Nov 2017 09:33:11 +0000 (10:33 +0100)
customer/spk-spar-checker/production.yaml		patch \| blob \| history
customer/spk-spar-checker/test.yaml		patch \| blob \| history