remove default CSP

SocialGouv · Aug 3, 2023 · f68bdd2 · f68bdd2
1 parent 5a9e24c
commit f68bdd2
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/.kontinuous/values.yaml b/.kontinuous/values.yaml
@@ -4,13 +4,13 @@ app:
   containerPort: 3000
   imagePackage: app # implicit
   probesPath: /api/healthz
-  ingress:
-    annotations:
-      nginx.ingress.kubernetes.io/configuration-snippet: |
-        more_set_headers "Content-Security-Policy: default-src 'none'; connect-src 'self' https://*.gouv.fr; font-src 'self'; img-src 'self'; prefetch-src 'self' https://*.gouv.fr; script-src 'self' https://*.gouv.fr; frame-src 'self' https://*.gouv.fr; style-src 'self' 'unsafe-inline'";
-        more_set_headers "X-Frame-Options: deny";
-        more_set_headers "X-XSS-Protection: 1; mode=block";
-        more_set_headers "X-Content-Type-Options: nosniff";
+  # ingress:
+  #   annotations:
+  #     nginx.ingress.kubernetes.io/configuration-snippet: |
+  #       more_set_headers "Content-Security-Policy: default-src 'none'; connect-src 'self' https://*.gouv.fr; font-src 'self'; img-src 'self'; prefetch-src 'self' https://*.gouv.fr; script-src 'self' https://*.gouv.fr; frame-src 'self' https://*.gouv.fr; style-src 'self' 'unsafe-inline'";
+  #       more_set_headers "X-Frame-Options: deny";
+  #       more_set_headers "X-XSS-Protection: 1; mode=block";
+  #       more_set_headers "X-Content-Type-Options: nosniff";
 
 jobs:
   runs: