[checkmk-commits] Fixed NagVis administration after introducing CSP

Module: check_mk Branch: master Commit: 470c98da31f317c073f714aac84c63cbff1a3e39 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=470c98da31f317… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Jan 7 11:50:50 2019 +0100 Fixed NagVis administration after introducing CSP Change-Id: I5e44efd3d79b805d00c91fe141896ab194be455b --- omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf b/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf index 01e185a..8f1d5c1 100644 --- a/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf +++ b/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf @@ -29,7 +29,8 @@ Header always append Content-Security-Policy "base-uri 'self'" # Form submissions are limited to current scheme/url/port - Header always append Content-Security-Policy "form-action 'self'" + # "javascript: 'unsafe-inline'" have been added for NagVis (Options > ... forms) + Header always append Content-Security-Policy "form-action 'self' javascript: 'unsafe-inline'" # Disallow plugins like flash or java Header always append Content-Security-Policy "object-src 'none'"