#pedestal
2017-10-02
zclj 14:10:11

Does anyone have information on how content-security-policy in pedestal should be configured to allow for an om-next SPA to run?

mtnygard 14:10:23

@zclj I don’t, but I’m checking with Paul.

mtnygard 14:10:16

Paul does have an answer. I’ll relay it once he’s done with a client call.

mtnygard 16:10:36

@zclj From Paul deGrandis: Ultimately, you’ll want to tailor the CSP policy to your application (only expose what you’re using). You can start with the most general policy as mentioned here: https://github.com/pedestal/pedestal/issues/499. On master, the dev-mode setup for CSP is much more relaxed than when running in “Prod” mode, as mentioned on this issue: https://github.com/pedestal/pedestal/pull/522. The new Service Template makes suggestions in the service map around common options.

zclj 18:10:37

@mtnygard Thanks to you and Paul for the resources, I will dig into them and learn more.