fix(stark-build): remove csp 'plugin-types' rule and adapt 'object-sr…

…c' rule ISSUES CLOSED: #3086
NationalBankBelgium · Nov 17, 2021 · f6b7a56 · f6b7a56
1 parent 64ce32f
commit f6b7a56
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/packages/stark-build/config/webpack-partial.dev.js b/packages/stark-build/config/webpack-partial.dev.js
@@ -40,8 +40,7 @@ const cspDirectives = [
 	"frame-ancestors 'none'", // the app will not be allowed to be embedded in an iframe (roughly equivalent to X-Frame-Options: DENY)
 	"img-src 'self' data: image/png", // data: image/png is due to ui-router visualizer loading PNG images
 	"media-src 'self'",
-	"object-src 'self'",
-	"plugin-types application/pdf" // valid mime-types for plugins invoked via <object> and <embed>
+	"object-src 'self' data:"
 	// "script-src 'self'", // FIXME: enable as soon as the issue is fixed in Angular (https://github.com/angular/angular-cli/issues/6872 )
 	// "style-src 'self' 'nonce-uiroutervisualizer' 'nonce-cef324d21ec5483c8819cc7a5e33c4a2'" // we define the same nonce value as in the style-loader // FIXME: DomSharedStylesHost.prototype._addStylesToHost in platform-browser.js adds inline style!
 ];