Fork me on GitHub

Does anyone have information of how content-security-policy in pedestal should be configured to allow for an om-next SPA to run?


@zclj I don’t, but I’m checking with Paul.


Paul does have an answer. I’ll relay it once he’s done with a client call.


@zclj From Paul deGrandis: Ultimately, you’ll want to tailor the CSP policy to your application (Only expose what you’re using).  You can start with the most general policy as mentioned here: On master, the dev-mode setup for CSP is much more relaxed than when running in “Prod” mode, as mentioned on this issue: The new Service Template makes suggestions about in the service map around common options


@mtnygard Thanks to you and Paul for the resources, I will dig into them and learn more