Module: check_mk
Branch: master
Commit: 470c98da31f317c073f714aac84c63cbff1a3e39
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=470c98da31f317…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jan 7 11:50:50 2019 +0100
Fixed NagVis administration after introducing CSP
Change-Id: I5e44efd3d79b805d00c91fe141896ab194be455b
---
omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf
b/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf
index 01e185a..8f1d5c1 100644
--- a/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf
+++ b/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf
@@ -29,7 +29,8 @@
Header always append Content-Security-Policy "base-uri 'self'"
# Form submissions are limited to current scheme/url/port
- Header always append Content-Security-Policy "form-action 'self'"
+ # "javascript: 'unsafe-inline'" have been added for NagVis (Options
> ... forms)
+ Header always append Content-Security-Policy "form-action 'self'
javascript: 'unsafe-inline'"
# Disallow plugins like flash or java
Header always append Content-Security-Policy "object-src 'none'"