From aaa80ae678b256525d1c32bf4d978905bb5076f1 Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Sun, 23 Jul 2023 14:36:04 +0200
Subject: [PATCH] final csp
---
 cluster/prod/app/garage/deploy/garage.hcl | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/cluster/prod/app/garage/deploy/garage.hcl b/cluster/prod/app/garage/deploy/garage.hcl
index 34eb0cc..26f76de 100644
--- a/cluster/prod/app/garage/deploy/garage.hcl
+++ b/cluster/prod/app/garage/deploy/garage.hcl
@@ -98,8 +98,7 @@ job "garage" {
 tags = [
 "garage-web",
 "tricot * 1",
- #"tricot-add-header Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://code.jquery.com/; frame-ancestors 'self'",
- "tricot-add-header Content-Security-Policy default-src https: 'unsafe-inline'",
+ "tricot-add-header Content-Security-Policy default-src https: 'unsafe-inline'; object-src 'none'",
 "tricot-add-header Strict-Transport-Security max-age=63072000; includeSubDomains; preload",
 "tricot-add-header X-Frame-Options SAMEORIGIN",
 "tricot-add-header X-XSS-Protection 1; mode=block",
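Review bot: The policy on the added line still lets script load from any HTTPS origin and run inline, because `default-src https: 'unsafe-inline'` is the fallback for `script-src`; the only new restriction is `object-src 'none'`. `base-uri`, `form-action` and `frame-ancestors` do not inherit from `default-src` and stay unset, and the deleted commented-out policy was the only place `frame-ancestors 'self'` appeared. If the broad default is deliberate (presumably because the header is applied to every site served under `garage-web`), record that in a comment above the tag, e.g. `# CSP kept permissive on purpose: shared by all hosted sites`, and consider appending `; base-uri 'self'; frame-ancestors 'self'` to the value. The `tags` list and the enclosing `job` block continue outside the hunk.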