Details
-
Task
-
Resolution: Outdated
-
Neutral
-
None
-
None
-
None
-
None
-
-
Empty show more show less
-
Empty show more show less
Description
As seen in SRE-800, the default CSP header value coming from magnolia-now-configuration is not working well with the demo.
Despite a few attempts on SRE side, it wasn't straightforward to find an updated value that would do the job:
- there are many scripts/fonts/resources being loaded
- SREs don't know this project thorougly
It would be better for security that somebody goes through the whole demo site to either determine which CSP headers need to be allowed, or bundle resources in the project itself.
Checklists
Acceptance criteria