From: Dennis Klein Date: Wed, 5 Apr 2017 15:02:46 +0000 (+0200) Subject: Update dev-web-ngcc-daimler.pixelpark.net.yaml X-Git-Tag: v0.1.0~3301^2~2^2 X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=e71956e7eb2c951f3e78f80d861269ad2ec66880;p=pixelpark%2Fhiera.git Update dev-web-ngcc-daimler.pixelpark.net.yaml add *.fbcdn.net to security headers for Facebook images and movies --- diff --git a/customer/mbvd-ngcc/dev-web-ngcc-daimler.pixelpark.net.yaml b/customer/mbvd-ngcc/dev-web-ngcc-daimler.pixelpark.net.yaml index 1ed5ee5f..d66868c5 100644 --- a/customer/mbvd-ngcc/dev-web-ngcc-daimler.pixelpark.net.yaml +++ b/customer/mbvd-ngcc/dev-web-ngcc-daimler.pixelpark.net.yaml @@ -38,8 +38,8 @@ infra::profile::apache::pp_vhosts: redirect_dest_non_ssl: 'https://dev-web01-ngcc-daimler.pixelpark.net/' headers: - 'always unset "X-Powered-By"' - - "set Content-Security-Policy: \"default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.youtube.com https://s.ytimg.com https://connect.facebook.net; frame-ancestors 'self'; media-src 'self' data:; img-src 'self' https://*.facebook.com https://*.cdninstagram.com https://*.ytimg.com https://*.twimg.com https://mb.anythingabout.net; child-src https://*.youtube.com https://*.facebook.com; frame-src https://*.youtube.com https://*.facebook.com\"" - - "set X-Content-Security-Policy: \"default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.youtube.com https://s.ytimg.com https://connect.facebook.net; frame-ancestors 'self'; media-src 'self' data:; img-src 'self' https://*.facebook.com https://*.cdninstagram.com https://*.ytimg.com https://*.twimg.com https://mb.anythingabout.net; child-src https://*.youtube.com https://*.facebook.com; frame-src https://*.youtube.com https://*.facebook.com\"" + - "set Content-Security-Policy: \"default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.youtube.com https://s.ytimg.com https://connect.facebook.net https://*.fbcdn.net; frame-ancestors 'self'; media-src 'self' data:; img-src 'self' https://*.facebook.com https://*.fbcdn.net https://*.cdninstagram.com https://*.ytimg.com https://*.twimg.com https://mb.anythingabout.net; child-src https://*.youtube.com https://*.facebook.com https://*.fbcdn.net; frame-src https://*.youtube.com https://*.fbcdn.net https://*.facebook.com\"" + - "set X-Content-Security-Policy: \"default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.youtube.com https://s.ytimg.com https://connect.facebook.net https://*.fbcdn.net; frame-ancestors 'self'; media-src 'self' data:; img-src 'self' https://*.facebook.com https://*.fbcdn.net https://*.cdninstagram.com https://*.ytimg.com https://*.twimg.com https://mb.anythingabout.net; child-src https://*.youtube.com https://*.facebook.com https://*.fbcdn.net; frame-src https://*.youtube.com https://*.fbcdn.net https://*.facebook.com\"" headers_ssl: - 'always set Strict-Transport-Security "max-age=31556926"' custom_fragment: |