diff --git a/grafana-files/grafana.ini b/grafana-files/grafana.ini index 7b17aa0..b2343d4 100644 --- a/grafana-files/grafana.ini +++ b/grafana-files/grafana.ini @@ -366,7 +366,7 @@ content_security_policy = true # Set Content Security Policy template used when adding the Content-Security-Policy header to your requests. # $NONCE in the template includes a random nonce. # $ROOT_PATH is server.root_url without the protocol. -content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' localhost 20.107.65.156.nip.io/grafana dev.develop-child-family-social-work-career.education.gov.uk/grafana test.develop-child-family-social-work-career.education.gov.uk/grafana pre-prod.develop-child-family-social-work-career.education.gov.uk/grafana develop-child-family-social-work-career.education.gov.uk/grafana www.dev.develop-child-family-social-work-career.education.gov.uk/grafana www.test.develop-child-family-social-work-career.education.gov.uk/grafana www.pre-prod.develop-child-family-social-work-career.education.gov.uk/grafana www.develop-child-family-social-work-career.education.gov.uk/grafana ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';""" +content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' 20.107.65.156.nip.io/grafana dev.develop-child-family-social-work-career.education.gov.uk/grafana test.develop-child-family-social-work-career.education.gov.uk/grafana pre-prod.develop-child-family-social-work-career.education.gov.uk/grafana develop-child-family-social-work-career.education.gov.uk/grafana www.develop-child-family-social-work-career.education.gov.uk/grafana ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';""" # Enable adding the Content-Security-Policy-Report-Only header to your requests. # Allows you to monitor the effects of a policy without enforcing it.