ansible-role-redmine/templates/redmine_csp.rb.j2

{% if redmine_inside_iframe %}
Rails.application.config.content_security_policy do |policy|
  policy.default_src "*",  :data, :blob, "'unsafe-inline'", "'unsafe-eval'" 
  policy.font_src    "*",  :data, :blob, "'unsafe-inline'", "'unsafe-eval'" 
  policy.img_src     "*",  :data, :blob, "'unsafe-inline'", "'unsafe-eval'" 
  policy.object_src  "*",  :data, :blob, "'unsafe-inline'", "'unsafe-eval'" 
  policy.script_src  "*",  :data, :blob, "'unsafe-inline'", "'unsafe-eval'" 
  policy.style_src   "*",  :data, :blob, "'unsafe-inline'", "'unsafe-eval'" 

  # Specify URI for violation reports
  # policy.report_uri "/csp-violation-report-endpoint" 
end

#Rails.application.config.content_security_policy_report_only = true
{% endif %}
support for CORS and security-content. 2021-07-28 12:48:24 +02:00			`{% if redmine_inside_iframe %}`
			`Rails.application.config.content_security_policy do \|policy\|`
			`policy.default_src "*", :data, :blob, "'unsafe-inline'", "'unsafe-eval'"`
			`policy.font_src "*", :data, :blob, "'unsafe-inline'", "'unsafe-eval'"`
			`policy.img_src "*", :data, :blob, "'unsafe-inline'", "'unsafe-eval'"`
			`policy.object_src "*", :data, :blob, "'unsafe-inline'", "'unsafe-eval'"`
			`policy.script_src "*", :data, :blob, "'unsafe-inline'", "'unsafe-eval'"`
			`policy.style_src "*", :data, :blob, "'unsafe-inline'", "'unsafe-eval'"`

			`# Specify URI for violation reports`
			`# policy.report_uri "/csp-violation-report-endpoint"`
			`end`

			`#Rails.application.config.content_security_policy_report_only = true`
			`{% endif %}`