From 56e19ff2e5dd39e48ff6d7ce61d330c861840536 Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Tue, 3 Oct 2023 16:00:11 +0200
Subject: [PATCH] remove default HTTP CSP, put your CSP in your HTML
---
 cluster/prod/app/garage/deploy/garage.hcl | 1 -
 1 file changed, 1 deletion(-)
diff --git a/cluster/prod/app/garage/deploy/garage.hcl b/cluster/prod/app/garage/deploy/garage.hcl
index 0a89a89..aed4bb9 100644
--- a/cluster/prod/app/garage/deploy/garage.hcl
+++ b/cluster/prod/app/garage/deploy/garage.hcl
@@ -134,7 +134,6 @@ job "garage" {
 tags = [
 "garage-web",
 "tricot * 1",
- "tricot-add-header Content-Security-Policy default-src https: 'unsafe-inline'; object-src 'none'",
 "tricot-add-header Strict-Transport-Security max-age=63072000; includeSubDomains; preload",
 "tricot-add-header X-Frame-Options SAMEORIGIN",
 "tricot-add-header X-XSS-Protection 1; mode=block",