UNOTOPLYS-221 fix : ajout de l'url du CKEditor en source safe du content securiy policy

39836800 · Julien BOUYER · 8ded1e4f · 39836800
Commit 39836800 authored Jun 21, 2021 by Julien BOUYER
--- a/src/main/java/com/unantes/orientactive/config/SecurityConfiguration.java
+++ b/src/main/java/com/unantes/orientactive/config/SecurityConfiguration.java
@@ -63,7 +63,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                .accessDeniedHandler(problemSupport)
        .and()
            .headers()
-                .contentSecurityPolicy("default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src 'self' data:; font-src 'self' fonts.gstatic.com")
+                .contentSecurityPolicy("default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com https://cdn.ckeditor.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src 'self' data:; font-src 'self' fonts.gstatic.com")
            .and()
            .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
        .and()