From 948272568988ac743becc618b65931195d666847 Mon Sep 17 00:00:00 2001
From: igorbeslic
Date: Fri, 20 Dec 2024 12:17:53 +0100
Subject: [PATCH] 1814 content-security-policy - change to wildcard - seems that it is risky to depend on particular subdomain that can dynamically change
---
 .../apps/server-app/src/main/resources/config/application.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/apps/server-app/src/main/resources/config/application.yml b/server/apps/server-app/src/main/resources/config/application.yml
index a2a9d6dc65..e081a12e57 100644
--- a/server/apps/server-app/src/main/resources/config/application.yml
+++ b/server/apps/server-app/src/main/resources/config/application.yml
@@ -233,7 +233,7 @@ bytechef: resources: web: file:///opt/bytechef/client/ security: - content-security-policy: "default-src 'self'; frame-src 'self' https://*.command.ai data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.command.ai https://*.commandbar.com https://*.i.posthog.com https://cdn.jsdelivr.net https://storage.googleapis.com; style-src 'self' 'unsafe-inline' https://*.commandbar.com https://cdn.jsdelivr.net https://*.command.ai; img-src 'self' https://*.command.ai data:; font-src 'self' data:; media-src 'self' https://*.command.ai; connect-src 'self' https://*.command.ai https://*.i.posthog.com https://api.commandbar.com;" + content-security-policy: "default-src 'self'; frame-src 'self' https://*.command.ai data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.command.ai https://*.commandbar.com https://*.i.posthog.com https://cdn.jsdelivr.net https://storage.googleapis.com; style-src 'self' 'unsafe-inline' https://*.commandbar.com https://cdn.jsdelivr.net https://*.command.ai; img-src 'self' https://*.command.ai data:; font-src 'self' data:; media-src 'self' https://*.command.ai; connect-src 'self' https://*.command.ai https://*.i.posthog.com https://*.commandbar.com;" sign-up: temp-domain-list-url: #https://gist.githubusercontent.com/SimonHoiberg/f5a23b1fa3762330c8af1e9090918b63/raw/53963d0dbdd93c594fbc067cee95966156ee066b/temp-email-list.txt
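Review bot: The widened `connect-src` entry `https://*.commandbar.com` on the new line allows connections to every subdomain of that vendor domain, and nothing in the file records why `https://api.commandbar.com` was no longer enough. Because `script-src` on the same line already carries `'unsafe-inline'` and `'unsafe-eval'`, `connect-src` is the main directive still limiting where script running in the page can send data, so listing the hosts the client really contacts would be tighter than a wildcard if they are known. Failing that, I would add a comment above the key, e.g. `# connect-src allows *.commandbar.com because the vendor subdomain can change (ref. 1814); narrow to explicit hosts once they are stable`. The value is one very long quoted string; a folded scalar (`>-`) with one directive per line would make a change to a single directive visible in review. The `bytechef:` mapping starts and ends outside the hunk, so sibling security settings are not visible here.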