From fb058216292ecdcd14067baf245c75c95db1ab10 Mon Sep 17 00:00:00 2001 From: Maxime Quandalle Date: Mon, 21 Jun 2021 15:36:45 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=20Active=20la=20politique=20de=20s?= =?UTF-8?q?=C3=A9curit=C3=A9=20de=20contenu?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit La politique était pour l'instant en mode "Report-Only" mais nous n'avons pas reçu de report sur Sentry donc elle doit bien couvrir toutes les ressources utilisées. (Et supprime un petit console.log au passage) --- mon-entreprise/source/components/SearchBar.tsx | 1 - netlify.toml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/mon-entreprise/source/components/SearchBar.tsx b/mon-entreprise/source/components/SearchBar.tsx index 842f558f8..1d48879eb 100644 --- a/mon-entreprise/source/components/SearchBar.tsx +++ b/mon-entreprise/source/components/SearchBar.tsx @@ -10,7 +10,6 @@ import { utils } from 'publicodes' // We use a dynamic import to work around a typing problem https://github.com/betagouv/mon-entreprise/pull/1616#issuecomment-858629506 let worker: any ;(async function () { - console.log('okok') const Worker = ((await import('./SearchBar.worker.js')) as any).default worker = new Worker() })() diff --git a/netlify.toml b/netlify.toml index 9b43b3d8b..c90db0bb4 100644 --- a/netlify.toml +++ b/netlify.toml @@ -6,7 +6,7 @@ for = "/*" # # TODO : report-only for now to see if there are any errors in Senty # https://github.com/betagouv/mon-entreprise/pull/1544#issuecomment-838511556 -Content-Security-Policy-Report-Only = "default-src 'self' mon-entreprise.fr; style-src 'self' 'unsafe-inline' mon-entreprise.zammad.com; connect-src 'self' *.sentry.io raw.githubusercontent.com *.xiti.com mon-entreprise.zammad.com; form-action 'self' *.sibforms.com *.sentry.io mon-entreprise.zammad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' entreprise.data.gouv.fr geo.api.gouv.fr *.xiti.com stonly.com code.jquery.com mon-entreprise.zammad.com; img-src 'self' data: https://twemoji.maxcdn.com *.xiti.com user-images.githubusercontent.com; frame-src 'self' https://www.youtube-nocookie.com https://codesandbox.io" +Content-Security-Policy = "default-src 'self' mon-entreprise.fr; style-src 'self' 'unsafe-inline' mon-entreprise.zammad.com; connect-src 'self' *.sentry.io raw.githubusercontent.com *.xiti.com mon-entreprise.zammad.com; form-action 'self' *.sibforms.com *.sentry.io mon-entreprise.zammad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' entreprise.data.gouv.fr geo.api.gouv.fr *.xiti.com stonly.com code.jquery.com mon-entreprise.zammad.com; img-src 'self' data: https://twemoji.maxcdn.com *.xiti.com user-images.githubusercontent.com; frame-src 'self' https://www.youtube-nocookie.com https://codesandbox.io" ############ # Redirects following architectural changes