Commit 596a6628 authored by chandi's avatar chandi

CSP: added more domains to the whitelist and host some images locally

parent 232a0e24
Pipeline #48568493 passed with stages
in 6 minutes and 47 seconds
......@@ -18,13 +18,16 @@ class ContentSecurityPolicy
'script-src' => [
$self,
$unsafeInline,
$unsafeEval // lots of `$.globalEval` still ... 😢
$unsafeEval, // lots of `$.globalEval` still ... 😢
'https://www.bildungsspender.de' // donation formular on /unterstuetzung
],
'connect-src' => [
$self,
$this->websocketUrlFor(BASE_URL),
'https://sentry.io',
'https://photon.komoot.de'
'https://photon.komoot.de',
'https://search.mapzen.com', // only used in u_loadCoords, gets hopefully replaces soon
'https://beta.foodsharing.de', // in beta BASE_URL is foodsharing.de (see https://gitlab.com/foodsharing-dev/foodsharing/issues/479)
],
'img-src' => [
$self,
......
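Review bot: The new `'https://www.bildungsspender.de'` entry in `script-src` trusts every script served from that third-party origin on every page, although its comment says it is needed only for the donation form on /unterstuetzung. Because `$unsafeInline` and `$unsafeEval` stay in the same list, the policy already gives little protection against script injection, and each extra host widens it further. Consider narrowing the source to the script's path (for example `'https://www.bildungsspender.de/<path-to-form-script>/'`, where the path is a placeholder), or adding it only for that route if the class can build per-page policies; the rest of the class is outside this hunk. Likewise `'https://beta.foodsharing.de'` in `connect-src` is added unconditionally, so it presumably also ends up in the production policy; deriving it from configuration would keep the beta workaround out of production.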