Merge remote-tracking branch 'origin/develop' into fb_gradle8.5
labkey-susanh committed Dec 11, 2023
2 parents 4acb453 + def1d69 commit d8e3e58
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions server/configs/application.properties
Expand Up @@ -78,8 +78,8 @@ spring.main.banner-mode=off
# example usage 1 - very strict, disallows 'external' websites, disallows unsafe-inline, but only reports violations (does not enforce)
# good for test automation!

csp.report="default-src 'self' https: ;\nconnect-src 'self' https: ;\nobject-src 'none' ;\nstyle-src 'self' https: 'unsafe-inline' ;\nimg-src 'self' data: ;\nscript-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}';\nbase-uri 'self' ;\nupgrade-insecure-requests ;\nframe-ancestors 'self' ;\nreport-to /labkey/admin-contentsecuritypolicyreport.api ;\nreport-uri /labkey/admin-contentsecuritypolicyreport.api ;"
#csp.report="default-src 'self' https: ;\nconnect-src 'self' https: ;\nobject-src 'none' ;\nstyle-src 'self' https: 'unsafe-inline' ;\nimg-src 'self' data: ;\nscript-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}';\nbase-uri 'self' ;\nupgrade-insecure-requests ;\nframe-ancestors 'self' ;\nreport-to https://www.labkey.org/admin-contentsecuritypolicyreport.api ;\nreport-uri https://www.labkey.org/admin-contentsecuritypolicyreport.api ;"

# example usage 2 - less strict but enforces directives, (NOTE: unsafe-inline is still required for many modules)

csp.enforce="default-src 'self' https: ;\nconnect-src 'self' https: ;\nobject-src 'none' ;\nstyle-src 'self' https: 'unsafe-inline' ;\nimg-src 'self' data: ;\nscript-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}';\nbase-uri 'self' ;\nupgrade-insecure-requests ;\nframe-ancestors 'self' ;\nreport-to /labkey/admin-contentsecuritypolicyreport.api ;\nreport-uri /labkey/admin-contentsecuritypolicyreport.api ;"
#csp.enforce="default-src 'self' https: ;\nconnect-src 'self' https: ;\nobject-src 'none' ;\nstyle-src 'self' https: 'unsafe-inline' ;\nimg-src 'self' data: ;\nscript-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}';\nbase-uri 'self' ;\nupgrade-insecure-requests ;\nframe-ancestors 'self' ;\nreport-to https://www.labkey.org/admin-contentsecuritypolicyreport.api ;\nreport-uri https://www.labkey.org/admin-contentsecuritypolicyreport.api ;"
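Review bot: The `report-to` directive in both the `csp.report` and `csp.enforce` values is given a URL, but `report-to` expects the name of a reporting endpoint declared in a `Reporting-Endpoints` (or legacy `Report-To`) response header, so browsers that honor it will find no matching endpoint and only the `report-uri` fallback will deliver reports. A directive such as `report-to csp-endpoint ;` (name constructed for illustration), with that endpoint declared in the response header and `report-uri` kept for older browsers, would make both paths work. The rendered page has lost its `+`/`-` markers, so it is not possible to tell here which line of each pair is the new one. Whichever it is, the `https://www.labkey.org/...` form would send violation reports, including the URLs of the pages that triggered them, to an external host, and the `/labkey/...` form assumes that context path; a comment such as `# report endpoint assumes the /labkey context path; adjust for other deployments` would cover the latter. The comment above example 1 also says the policy disallows unsafe-inline, yet `script-src` lists `'unsafe-inline'` and `'unsafe-eval'`; nonce-aware browsers ignore the former for scripts, but `'unsafe-eval'` stays in effect and the comment should say so.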
