aboutsummaryrefslogtreecommitdiff
path: root/cluster/prod/app
diff options
context:
space:
mode:
authorQuentin Dufour <quentin@deuxfleurs.fr>2023-10-03 16:00:11 +0200
committerQuentin Dufour <quentin@deuxfleurs.fr>2023-10-03 16:00:11 +0200
commit56e19ff2e5dd39e48ff6d7ce61d330c861840536 (patch)
tree180acde9fd27e8ed8a067442ad743a8025e55e34 /cluster/prod/app
parent9e113416ac30db0f30caeb796e7d7fadae135c55 (diff)
downloadnixcfg-56e19ff2e5dd39e48ff6d7ce61d330c861840536.tar.gz
nixcfg-56e19ff2e5dd39e48ff6d7ce61d330c861840536.zip
remove default HTTP CSP, put your CSP in your HTML
Diffstat (limited to 'cluster/prod/app')
-rw-r--r--cluster/prod/app/garage/deploy/garage.hcl1
1 files changed, 0 insertions, 1 deletions
diff --git a/cluster/prod/app/garage/deploy/garage.hcl b/cluster/prod/app/garage/deploy/garage.hcl
index 0a89a89..aed4bb9 100644
--- a/cluster/prod/app/garage/deploy/garage.hcl
+++ b/cluster/prod/app/garage/deploy/garage.hcl
@@ -134,7 +134,6 @@ job "garage" {
tags = [
"garage-web",
"tricot * 1",
- "tricot-add-header Content-Security-Policy default-src https: 'unsafe-inline'; object-src 'none'",
"tricot-add-header Strict-Transport-Security max-age=63072000; includeSubDomains; preload",
"tricot-add-header X-Frame-Options SAMEORIGIN",
"tricot-add-header X-XSS-Protection 1; mode=block",