---
# Extra Content Security Policy (CSP) sources for this deployment.
# Everything listed here is applied **in addition** to the application CSP;
# the default directives live in `initializers/content_security_policy.rb`.
# Further directive keys can be added below if required.
#
# Every entry widens what the browser may load or connect to, so keep each
# list limited to hosts this deployment actually needs.

default: &default
  # Images may be loaded from the S3 service hosted by the openHPI Cloud.
  # A `*.host` source covers subdomains only, not the bare host itself,
  # which is why each host appears both with and without the wildcard.
  img_src:
    - 'https://s3.xopic.de'
    - 'https://*.s3.xopic.de'
    - 'https://s3.openhpicloud.de'
    - 'https://*.s3.openhpicloud.de'

  # WebKit did not treat the WSS scheme as part of 'self', so the WebSocket
  # origin is listed explicitly.
  # See https://bugs.webkit.org/show_bug.cgi?id=235873
  connect_src:
    - 'wss://codeocean.openhpi.de'
    # Uncomment to enable the StackExchange API for Flowr:
    # - 'https://api.stackexchange.com'

  # Optional: a custom, non-Sentry URL that receives CSP violation reports.
  # For Sentry, set the `SENTRY_CSP_REPORT_URL` environment variable instead.
  # report_uri: 'https://example.com/csp-report'

development:
  <<: *default
  # Allow the webpack-dev-server in development. These are plaintext
  # http/ws sources for localhost and belong in this environment only.
  # NOTE(review): YAML merge keys (`<<`) merge shallowly, so unless the loader
  # combines lists itself, this `connect_src` replaces the list inherited from
  # `default` instead of extending it. Confirm that is intended.
  connect_src:
    - 'http://localhost:3035'
    - 'ws://localhost:3035'

production:
  <<: *default

test:
  <<: *default