Be more permissive with csp header values

2017-03-21 10:35:28 +01:00
parent 7c01ee58b5
commit d01929debc
7 changed files with 7 additions and 6 deletions
--- a/webadmin/src/appstatus.html
+++ b/webadmin/src/appstatus.html
@@ -3,7 +3,7 @@
 <head>
    <meta charset="utf-8" />
    <meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width, height=device-height" />
-    <meta http-equiv="Content-Security-Policy" content="default-src 'unsafe-inline' 'unsafe-eval' 'self' *.cloudron.io; img-src 'self' *.cloudron.io www.gravatar.com s3.amazonaws.com;" />
+    <meta http-equiv="Content-Security-Policy" content="default-src 'unsafe-inline' 'self' <%= apiOriginHostname %>; img-src 'self' <%= apiOriginHostname %>;" />

    <title> Cloudron App Error </title>