🛡️ Politique de sécurité en Report-Only

Pour remonter les éventuels problèmes de configuration sur Sentry sans provoquer d'erreurs pour les utilisateurs.
2021-05-11 15:52:00 +02:00 · 2021-05-11 15:52:00 +02:00 · d6eb2dd43d
parent c2789c8edd
commit d6eb2dd43d
1 changed files with 4 additions and 1 deletions
--- a/netlify.toml
+++ b/netlify.toml
@ -3,7 +3,10 @@ for = "/*"
 [headers.values]
 # TODO : self-host emojies to remove twemoji.maxcdn.com
 # https://github.com/betagouv/mon-entreprise/issues/1219
-Content-Security-Policy = "default-src 'self' mon-entreprise.fr; style-src 'self' 'unsafe-inline' mon-entreprise.zammad.com; connect-src 'self' *.sentry.io raw.githubusercontent.com *.xiti.com mon-entreprise.zammad.com; form-action 'self' *.sibforms.com *.sentry.io mon-entreprise.zammad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' entreprise.data.gouv.fr geo.api.gouv.fr *.xiti.com stonly.com code.jquery.com mon-entreprise.zammad.com; img-src 'self' data: https://twemoji.maxcdn.com *.xiti.com user-images.githubusercontent.com; frame-src 'self' https://www.youtube-nocookie.com https://codesandbox.io"
+#
+# TODO : report-only for now to see if there are any errors in Senty
+# https://github.com/betagouv/mon-entreprise/pull/1544#issuecomment-838511556
+Content-Security-Policy-Report-Only = "default-src 'self' mon-entreprise.fr; style-src 'self' 'unsafe-inline' mon-entreprise.zammad.com; connect-src 'self' *.sentry.io raw.githubusercontent.com *.xiti.com mon-entreprise.zammad.com; form-action 'self' *.sibforms.com *.sentry.io mon-entreprise.zammad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' entreprise.data.gouv.fr geo.api.gouv.fr *.xiti.com stonly.com code.jquery.com mon-entreprise.zammad.com; img-src 'self' data: https://twemoji.maxcdn.com *.xiti.com user-images.githubusercontent.com; frame-src 'self' https://www.youtube-nocookie.com https://codesandbox.io"

 ############
 # Redirects following architectural changes