From ee28687e3fa2c5a92b5e9f45bf890139d1e13a05 Mon Sep 17 00:00:00 2001
From: Antoine Abt <antoine@abt.im>
Date: Mon, 8 Feb 2021 11:33:32 +0100
Subject: [PATCH] fix: disable CSP to check out what it breaks

---
 geoportal/vars.yaml | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/geoportal/vars.yaml b/geoportal/vars.yaml
index e22e688d0..5f52473da 100644
--- a/geoportal/vars.yaml
+++ b/geoportal/vars.yaml
@@ -5,18 +5,7 @@ extends: CONST_vars.yaml
 vars:
   global_headers:
     - pattern: '.*'
-      headers:
-        X-Frame-Options: SAMEORIGIN
-        X-Xss-Protection: 1; mode=block
-        X-Content-Type-Options: nosniff
-        Referrer-Policy: origin
-        Strict-Transport-Security: max-age=31536000; includeSubDomains
-        Content-Security-Policy:
-          "default-src {content_security_policy_main_default_src};
-          script-src blob: 'unsafe-eval' https://statistics.geoportail.lu {content_security_policy_main_script_src};
-          style-src {content_security_policy_main_style_src};
-          img-src  blob: {content_security_policy_main_img_src};
-          connect-src {content_security_policy_main_connect_src}"
+      headers: {}
 
   # Custom keys
   authorized_ips: null