Fix for Vue js not loading due to CSP :(

This commit is contained in:
snipe 2020-06-25 11:00:33 -07:00
parent 35b9cf4b70
commit 339bdddc38
No known key found for this signature in database
GPG key ID: 10BFFDA3ED34B5AC

View file

@ -87,7 +87,7 @@ class SecurityHeaders
} }
// This defaults to false to maintain backwards compatibility // This defaults to false to maintain backwards compatibility for
// people who are not running Snipe-IT over TLS (shame, shame, shame!) // people who are not running Snipe-IT over TLS (shame, shame, shame!)
// Seriously though, please run Snipe-IT over TLS. Let's Encrypt is free. // Seriously though, please run Snipe-IT over TLS. Let's Encrypt is free.
// https://letsencrypt.org // https://letsencrypt.org
@ -102,7 +102,7 @@ class SecurityHeaders
if ((config('app.debug')!='true') || (config('app.enable_csp')=='true')) { if ((config('app.debug')!='true') || (config('app.enable_csp')=='true')) {
$csp_policy[] = "default-src 'self'"; $csp_policy[] = "default-src 'self'";
$csp_policy[] = "style-src 'self' 'unsafe-inline'"; $csp_policy[] = "style-src 'self' 'unsafe-inline'";
$csp_policy[] = "script-src 'self' 'unsafe-inline'"; $csp_policy[] = "script-src 'self' 'unsafe-inline' 'unsafe-eval'";
$csp_policy[] = "connect-src 'self'"; $csp_policy[] = "connect-src 'self'";
$csp_policy[] = "object-src 'none'"; $csp_policy[] = "object-src 'none'";
$csp_policy[] = "font-src 'self' data:"; $csp_policy[] = "font-src 'self' data:";