authorEd Tanous <ed.tanous@intel.com>2018-12-06 18:11:49 +0000
committerEd Tanous <ed.tanous@intel.com>2018-12-06 23:43:21 +0000
commit63c7908ddb4647c995f1cb0e121e6b313146ada9 (patch)
treefde939e0abec03860492678ffe71c14b49da1590 /include/security_headers_middleware.hpp
parent3112a144b3d47b8927ef1ad0eaa2094c7fbb96fe (diff)
Revert "Update Content-Security-Policy"
This reverts commit 99ad5995089bace233dac20de28ef021591d89c1.

Reason for revert: This causes a major regression on the web console. The login page fails to load in Chrome, with a Content-Security-Policy error. Reverting to regain stability; we can then reopen with a new patchset.

Change-Id: If75b6614ad4cd9732725893040a85589e0d1bb9a
Diffstat (limited to 'include/security_headers_middleware.hpp')
-rw-r--r--include/security_headers_middleware.hpp5
1 files changed, 2 insertions, 3 deletions
diff --git a/include/security_headers_middleware.hpp b/include/security_headers_middleware.hpp
index 04fc913..561fd81 100644
--- a/include/security_headers_middleware.hpp
+++ b/include/security_headers_middleware.hpp
@@ -18,9 +18,8 @@ static const char* xframeValue = "DENY";
static const char* xssKey = "X-XSS-Protection";
static const char* xssValue = "1; mode=block";
-static const char* contentSecurityKey = "Content-Security-Policy";
-static const char* contentSecurityValue =
- "script-src 'self'; object-src 'self'";
+static const char* contentSecurityKey = "X-Content-Security-Policy";
+static const char* contentSecurityValue = "default-src 'self'";
static const char* pragmaKey = "Pragma";
static const char* pragmaValue = "no-cache";
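Review bot: The restored `contentSecurityKey` value `"X-Content-Security-Policy"` is the legacy vendor-prefixed header name, which Chrome and current Firefox do not honor, so `default-src 'self'` is most likely not enforced in those browsers at all. That would explain why the login page loads again, but it also means the web console ships without an effective CSP until the follow-up patchset lands. A comment above the key would keep this visible, e.g. `// TODO: legacy header name, ignored by current browsers; restore "Content-Security-Policy" once the policy is validated against the web UI`. For the re-land, sending the candidate policy as `Content-Security-Policy-Report-Only` first would surface the violations that break the login page without blocking it.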