From 116bb2059132dbf190ec04e49a783c6e459f027e Mon Sep 17 00:00:00 2001
From: Andreas Gerstenberg <gerstenberg@pixelpark.com>
Date: Mon, 4 Sep 2017 14:17:00 +0200
Subject: [PATCH] spk-spar-checker Content-Security-Policy temp disabled

---
 customer/spk-spar-checker/production.yaml | 2 +-
 customer/spk-spar-checker/test.yaml       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/customer/spk-spar-checker/production.yaml b/customer/spk-spar-checker/production.yaml
index be4f276b..f4d6376b 100644
--- a/customer/spk-spar-checker/production.yaml
+++ b/customer/spk-spar-checker/production.yaml
@@ -40,7 +40,7 @@ infra::profile::apache::pp_vhosts:
       - 'always set X-XSS-Protection "1; mode=block"'
       - 'always set X-Frame-Options "SAMEORIGIN"'
       - 'always set X-Content-Type-Options "nosniff"'
-      - "set Content-Security-Policy \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;\""
+#      - "set Content-Security-Policy \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;\""
     aliases:
       - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api }
       - { alias: /sfp , path: /var/www/spar-checker/sparchecker-backend/public/sfp }
diff --git a/customer/spk-spar-checker/test.yaml b/customer/spk-spar-checker/test.yaml
index eb8b6125..d04f79c3 100644
--- a/customer/spk-spar-checker/test.yaml
+++ b/customer/spk-spar-checker/test.yaml
@@ -38,7 +38,7 @@ infra::profile::apache::pp_vhosts:
       - 'always set X-XSS-Protection "1; mode=block"'
       - 'always set X-Frame-Options "SAMEORIGIN"'
       - 'always set X-Content-Type-Options "nosniff"'
-      - "set Content-Security-Policy \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;\""
+#      - "set Content-Security-Policy \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;\""
     aliases:
       - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api }
       - { alias: /sfp , path: /var/www/spar-checker/sparchecker-backend/public/sfp }
-- 
2.39.5