fix: disable CSP to check out what it breaks

Geoportail-Luxembourg · Feb 8, 2021 · ee28687 · ee28687
1 parent ba7b155
commit ee28687
Showing 1 changed file with 1 addition and 12 deletions.
diff --git a/geoportal/vars.yaml b/geoportal/vars.yaml
@@ -5,18 +5,7 @@ extends: CONST_vars.yaml
 vars:
   global_headers:
     - pattern: '.*'
-      headers:
-        X-Frame-Options: SAMEORIGIN
-        X-Xss-Protection: 1; mode=block
-        X-Content-Type-Options: nosniff
-        Referrer-Policy: origin
-        Strict-Transport-Security: max-age=31536000; includeSubDomains
-        Content-Security-Policy:
-          "default-src {content_security_policy_main_default_src};
-          script-src blob: 'unsafe-eval' https://statistics.geoportail.lu {content_security_policy_main_script_src};
-          style-src {content_security_policy_main_style_src};
-          img-src  blob: {content_security_policy_main_img_src};
-          connect-src {content_security_policy_main_connect_src}"
+      headers: {}
 
   # Custom keys
   authorized_ips: null