Commit 39836800 authored by Julien BOUYER's avatar Julien BOUYER
Browse files

UNOTOPLYS-221 fix : ajout de l'url du CKEditor en source safe du content securiy policy

parent 8ded1e4f
...@@ -63,7 +63,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter { ...@@ -63,7 +63,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
.accessDeniedHandler(problemSupport) .accessDeniedHandler(problemSupport)
.and() .and()
.headers() .headers()
.contentSecurityPolicy("default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src 'self' data:; font-src 'self' fonts.gstatic.com") .contentSecurityPolicy("default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com https://cdn.ckeditor.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src 'self' data:; font-src 'self' fonts.gstatic.com")
.and() .and()
.referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN) .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
.and() .and()
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment