Commit a66b4afc authored by chandi's avatar chandi

further small additions

parent 596a6628
Pipeline #48576054 passed with stages
in 6 minutes and 59 seconds
......@@ -19,20 +19,22 @@ class ContentSecurityPolicy
$self,
$unsafeInline,
$unsafeEval, // lots of `$.globalEval` still ... 😢
'https://www.bildungsspender.de' // donation formular on /unterstuetzung
'https://www.bildungsspender.de' // donation form on /unterstuetzung
],
'connect-src' => [
$self,
$this->websocketUrlFor(BASE_URL),
$this->websocketUrlFor('https://beta.foodsharing.de'), // in beta BASE_URL is foodsharing.de (see https://gitlab.com/foodsharing-dev/foodsharing/issues/479)
'https://sentry.io',
'https://photon.komoot.de',
'https://search.mapzen.com', // only used in u_loadCoords, gets hopefully replaces soon
'https://beta.foodsharing.de', // in beta BASE_URL is foodsharing.de (see https://gitlab.com/foodsharing-dev/foodsharing/issues/479)
'blob:'
],
'img-src' => [
$self,
'data:',
'https:'
'https:',
'blob:'
],
'style-src' => [
$self,
......@@ -43,7 +45,8 @@ class ContentSecurityPolicy
'data:'
],
'frame-src' => [
$self
$self,
'https://www.bildungsspender.de' // donation form on /unterstuetzung
],
'frame-ancestors' => [
$none
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment