Work around CSP form-action issue with CAS.

Replace header with nicer values
Philippe Caseiro 2019-09-13 16:02:48 +02:00
parent e0c7ca8f5e
commit cc1da0773b


@ -4,6 +4,7 @@
# default "";
# ~/CN=(?<CN>[^/]+) $CN;
#}
%set %%webDomain = %%authWebName.split('.',1)[1]
server {
listen 80;
@ -40,6 +41,8 @@ server {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_hide_header Content-Security-Policy;
add_header Content-Security-Policy "default-src 'self'; form-action 'self' http://*.%%webDomain https://*.%%webDomain; object-src 'none'";
}
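Review bot: The `form-action` list in the new `add_header` line includes `http://*.%%webDomain`, so forms on the portal pages, presumably including the login form, may be submitted over plaintext to any host under the parent domain; unless a CAS client is known to need it, keep only the TLS entry, `form-action 'self' https://*.%%webDomain;`. The wildcard is derived by `%%authWebName.split('.',1)[1]`, which fails on a name without a dot and, for a two-label name, yields a wildcard over a whole top-level domain, so a comment above the `%set` stating the expected shape of `authWebName` would help. Because nginx inherits `add_header` from the enclosing level only when the current level defines none, any security headers set at `server` level (not visible here) stop applying in this location and would need repeating. `fastcgi_hide_header` also discards whatever policy the application sends, so this static value becomes the only CSP on these responses, and without the `always` parameter it is not added to error responses. The location block starts outside the hunk.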