Skip to content
Snippets Groups Projects
Commit bf54b9ed authored by Cam Saül's avatar Cam Saül Committed by GitHub
Browse files

Merge pull request #4679 from metabase/fix-firefox-Content-Security-Policy-warnings 

Fix Firefox Content-Security-Policy warnings
parents 2d18bb81 9478cde8
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/metabase/middleware.clj
+ 2
6
View file @ bf54b9ed
......@@ -190,11 +190,9 @@
"https://www.google-analytics.com" ; Safari requires the protocol
"https://*.googleapis.com"
"*.gstatic.com"
"js.intercomcdn.com"
"*.intercom.io"
(when config/is-dev?
"localhost:8080")]
:frame-src ["'self'"
:child-src ["'self'"
"https://accounts.google.com"] ; TODO - double check that we actually need this for Google Auth
:style-src ["'unsafe-inline'"
"'self'"
......@@ -205,11 +203,9 @@
(when config/is-dev?
"localhost:8080")]
:img-src ["*"
"self data:"]
"'self' data:"]
:connect-src ["'self'"
"metabase.us10.list-manage.com"
"*.intercom.io"
"wss://*.intercom.io" ; allow websockets as well
(when config/is-dev?
"localhost:8080 ws://localhost:8080")]}]
(format "%s %s; " (name k) (apply str (interpose " " vs)))))})
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment