Fix content security policy during deployment. (#985)

mozilla-releng · Aug 20, 2019 · faef97c · faef97c
1 parent 5766a38
commit faef97c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/react-ui/scripts/deploy b/react-ui/scripts/deploy
@@ -11,7 +11,7 @@ curl "${APP_CONFIG_SECRET}" | python3 -c 'import json, sys; a = json.load(sys.st
 
 HEADERS=$(cat <<EOF
 { \
-    "Content-Security-Policy": "Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self' https://.gravatar.com https://.githubusercontent.com https://i1.wp.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src https://fonts.gstatic.com; connect-src https://admin-stage.balrog.nonprod.cloudops.mozgcp.net/ https://auth.mozilla.auth0.com; frame-src https://auth.mozilla.auth0.com", \
+    "Content-Security-Policy": "default-src 'none'; script-src 'self'; img-src 'self' https://*.gravatar.com https://*.githubusercontent.com https://i1.wp.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src https://fonts.gstatic.com; connect-src https://admin-stage.balrog.nonprod.cloudops.mozgcp.net/ https://auth.mozilla.auth0.com; frame-src https://auth.mozilla.auth0.com", \
     "Strict-Transport-Security": "max-age=63072000", \
     "X-Content-Type-Options": "nosniff", \
     "X-Frame-Options": "SAMEORIGIN", \