csp: report-only for now (#4029)
good call out @SomeHats! ### Change Type <!-- ❗ Please select a 'Type' label ❗️ --> - [ ] `feature` — New feature - [ ] `improvement` — Product improvement - [ ] `api` — API change - [ ] `bugfix` — Bug fix - [x] `other` — Changes that don't affect SDK users, e.g. internal or .com changes ### Release Notes - CSP: only do report-only for now until we're sure it's ok.
This commit is contained in:
parent
3d07262e20
commit
576426eba9
1 changed files with 1 additions and 1 deletions
|
@ -37,7 +37,7 @@ const commonSecurityHeaders = {
|
|||
'Strict-Transport-Security': 'max-age=63072000; includeSubDomains; preload',
|
||||
'X-Content-Type-Options': 'nosniff',
|
||||
'Referrer-Policy': 'no-referrer-when-downgrade',
|
||||
'Content-Security-Policy': csp,
|
||||
'Content-Security-Policy-Report-Only': csp,
|
||||
}
|
||||
|
||||
// We load the list of routes that should be forwarded to our SPA's index.html here.
|
||||
|
|
Loading…
Reference in a new issue