betagouv
/
mon-entreprise
mirror of https://github.com/betagouv/mon-entreprise
1
0
Fork 0
Code Releases Activity

🛡 Active la politique de sécurité de contenu 

La politique était pour l'instant en mode "Report-Only" mais nous
n'avons pas reçu de report sur Sentry donc elle doit bien couvrir toutes
les ressources utilisées.

(Et supprime un petit console.log au passage)
pull/1628/head
Maxime Quandalle 2021-06-21 15:36:45 +02:00
parent 1ec24399fc
commit fb05821629
2 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
mon-entreprise/source/components/SearchBar.tsx
View File

@ -10,7 +10,6 @@ import { utils } from 'publicodes'
// We use a dynamic import to work around a typing problem https://github.com/betagouv/mon-entreprise/pull/1616#issuecomment-858629506
let worker: any
;(async function () {
console.log('okok')
const Worker = ((await import('./SearchBar.worker.js')) as any).default
worker = new Worker()
})()

2
netlify.toml
View File

@ -6,7 +6,7 @@ for = "/*"
#
# TODO : report-only for now to see if there are any errors in Senty
# https://github.com/betagouv/mon-entreprise/pull/1544#issuecomment-838511556
Content-Security-Policy-Report-Only = "default-src 'self' mon-entreprise.fr; style-src 'self' 'unsafe-inline' mon-entreprise.zammad.com; connect-src 'self' *.sentry.io raw.githubusercontent.com *.xiti.com mon-entreprise.zammad.com; form-action 'self' *.sibforms.com *.sentry.io mon-entreprise.zammad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' entreprise.data.gouv.fr geo.api.gouv.fr *.xiti.com stonly.com code.jquery.com mon-entreprise.zammad.com; img-src 'self' data: https://twemoji.maxcdn.com *.xiti.com user-images.githubusercontent.com; frame-src 'self' https://www.youtube-nocookie.com https://codesandbox.io"
Content-Security-Policy = "default-src 'self' mon-entreprise.fr; style-src 'self' 'unsafe-inline' mon-entreprise.zammad.com; connect-src 'self' *.sentry.io raw.githubusercontent.com *.xiti.com mon-entreprise.zammad.com; form-action 'self' *.sibforms.com *.sentry.io mon-entreprise.zammad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' entreprise.data.gouv.fr geo.api.gouv.fr *.xiti.com stonly.com code.jquery.com mon-entreprise.zammad.com; img-src 'self' data: https://twemoji.maxcdn.com *.xiti.com user-images.githubusercontent.com; frame-src 'self' https://www.youtube-nocookie.com https://codesandbox.io"
############
# Redirects following architectural changes