Work around CSP form-action issue with CAS.
Replace header with nicer values
This commit is contained in:
parent
e0c7ca8f5e
commit
cc1da0773b
@ -4,6 +4,7 @@
|
||||
# default "";
|
||||
# ~/CN=(?<CN>[^/]+) $CN;
|
||||
#}
|
||||
%set %%webDomain = %%authWebName.split('.',1)[1]
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
@ -40,6 +41,8 @@ server {
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_hide_header Content-Security-Policy;
|
||||
add_header Content-Security-Policy "default-src 'self'; form-action 'self' http://*.%%webDomain https://*.%%webDomain; object-src 'none'";
|
||||
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user