From: Andreas Gerstenberg <gerstenberg@pixelpark.com>
Date: Fri, 10 Nov 2017 13:39:11 +0000 (+0100)
Subject: spk-spar-checker update header
X-Git-Tag: v0.1.0~2090
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=7fffe195d9d8ce825fdb724f3bfea1a7ff086e55;p=pixelpark%2Fhiera.git

spk-spar-checker update header
---

diff --git a/customer/spk-spar-checker/production.yaml b/customer/spk-spar-checker/production.yaml
index c60170a0..fa20661d 100644
--- a/customer/spk-spar-checker/production.yaml
+++ b/customer/spk-spar-checker/production.yaml
@@ -41,8 +41,8 @@ infra::profile::apache::pp_vhosts:
       - 'always set X-Frame-Options "SAMEORIGIN"'
       - 'always set X-Content-Type-Options "nosniff"'
       - 'always set Strict-Transport-Security: "max-age=15768001"'
-      - 'always set Referrer-Policy "origin"'
-      - "set Content-Security-Policy \"default-src 'none'; connect-src 'self' www.google-analytics.com; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
+      - 'always set Referrer-Policy "strict-origin"'
+      - "always set Content-Security-Policy \"default-src 'none'; connect-src 'self' www.google-analytics.com; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
 
     aliases:
       - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api }
diff --git a/customer/spk-spar-checker/test.yaml b/customer/spk-spar-checker/test.yaml
index 16b7b440..a99d4dea 100644
--- a/customer/spk-spar-checker/test.yaml
+++ b/customer/spk-spar-checker/test.yaml
@@ -51,8 +51,8 @@ infra::profile::apache::pp_vhosts:
       - 'always set X-Frame-Options "SAMEORIGIN"'
       - 'always set X-Content-Type-Options "nosniff"'
       - 'always set Strict-Transport-Security: "max-age=15768001"'
-      - 'always set Referrer-Policy "origin"'
-      - "set Content-Security-Policy \"default-src 'none'; connect-src 'self' www.google-analytics.com; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
+      - 'always set Referrer-Policy "strict origin"'
+      - "always set Content-Security-Policy \"default-src 'none'; connect-src 'self' www.google-analytics.com; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
 
     aliases:
       - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api }