Commit graph

2 commits

Author SHA1 Message Date
Alasdair Smith
676b70b2be Merge pull request #3899 from overleaf/ae-csp-report-sample
Add 'report-sample' to script-src CSP directive

GitOrigin-RevId: 1a2c26339e7ef353a89fc264b0f186a1d313e1bc
2021-04-15 02:05:16 +00:00
Alf Eaton
a5637651b5 Add Content-Security-Policy header (#3783)
* Add Content-Security-Policy header
* Add nonce attribute to script tags
* Use source-map for webpack devtool
* Add ng-csp attribute when CSP is enabled
* Allow overriding CSP settings with environment variables
* Hook into render and allow routes to disable the CSP header

GitOrigin-RevId: a873736a3514198165f1b2f1e18d002b65f20d30
2021-03-26 03:04:55 +00:00