fixed content-security-policy for sandbox

Signed-off-by: Thomas Jaeckle <thomas.jaeckle@bosch.io>
eclipse-ditto · Dec 7, 2022 · 1eec8a9 · 1eec8a9
1 parent 18c37ed
commit 1eec8a9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/deployment/docker/sandbox/nginx.conf b/deployment/docker/sandbox/nginx.conf
@@ -143,7 +143,7 @@ http {
 
     # security relevant headers:
     add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;";
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' cdnjs.cloudflare.com;" always;
+    add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com;" always;
     expires 1y;
     add_header Cache-Control "public, no-transform";
     add_header X-Content-Type-Options nosniff;