@@ -171,7 +171,7 @@ frontend:
171
171
containerPort : 8080
172
172
ingress :
173
173
customHeaders :
174
- " Content-Security-Policy " : " default-src 'none'; manifest-src 'self' https://*.gouv.fr; connect-src 'self' https://*.gouv.fr https://api.tally.so https://*.tally.so; font-src 'self' https://fonts.gstatic.com https://tally.so https://*.tally.so; img-src 'self' https://tally.so https://*.tally.so data:; script-src 'self' https://*.gouv.fr https://tally.so https://*.tally.so; frame-src 'self' https://*.gouv.fr https://tally.so https://*.tally.so; style-src 'self' https://*.gouv.fr https://tally.so https://*.tally.so"
174
+ " Content-Security-Policy " : " default-src 'none'; manifest-src 'self' https://*.gouv.fr; connect-src 'self' https://*.gouv.fr https://api.tally.so https://*.tally.so; font-src 'self' https://fonts.gstatic.com https://tally.so https://*.tally.so; img-src 'self' https://tally.so https://*.tally.so data:; script-src 'self' https://*.gouv.fr https://tally.so https://*.tally.so; frame-src 'self' https://*.gouv.fr https://tally.so https://*.tally.so; style-src 'self' 'unsafe-inline' https://*.gouv.fr https://tally.so https://*.tally.so"
175
175
" X-Frame-Options " : " deny"
176
176
" X-Content-Type-Options " : " nosniff"
177
177
" X-XSS-Protection " : " 0"
@@ -195,7 +195,7 @@ portail-admins:
195
195
host : " admin-{{ .Values.global.host }}"
196
196
ingress :
197
197
customHeaders :
198
- " Content-Security-Policy " : " default-src 'none'; manifest-src 'self' https://*.gouv.fr; connect-src 'self' https://*.gouv.fr; font-src 'self'; img-src 'self' data:; script-src 'self' https://*.gouv.fr; frame-src 'self' https://*.gouv.fr; style-src 'self' https://*.gouv.fr"
198
+ " Content-Security-Policy " : " default-src 'none'; manifest-src 'self' https://*.gouv.fr; connect-src 'self' https://*.gouv.fr; font-src 'self'; img-src 'self' data:; script-src 'self' https://*.gouv.fr; frame-src 'self' https://*.gouv.fr; style-src 'self' 'unsafe-inline' https://*.gouv.fr"
199
199
" X-Frame-Options " : " deny"
200
200
" X-Robots-Tag " : " noindex, nofollow, nosnippet, noarchive"
201
201
" X-Content-Type-Options " : " nosniff"
@@ -214,7 +214,7 @@ portail-usagers:
214
214
host : " mon-{{ .Values.global.host }}"
215
215
ingress :
216
216
customHeaders :
217
- " Content-Security-Policy " : " default-src 'none'; manifest-src 'self' https://*.gouv.fr; connect-src 'self' https://*.gouv.fr https://api.tally.so https://*.tally.so; font-src 'self' https://fonts.gstatic.com https://tally.so https://*.tally.so; img-src 'self' https://tally.so https://*.tally.so data:; script-src 'self' https://*.gouv.fr https://tally.so https://*.tally.so; frame-src 'self' https://*.gouv.fr https://tally.so https://*.tally.so; style-src 'self' https://*.gouv.fr https://tally.so https://*.tally.so"
217
+ " Content-Security-Policy " : " default-src 'none'; manifest-src 'self' https://*.gouv.fr; connect-src 'self' https://*.gouv.fr https://api.tally.so https://*.tally.so; font-src 'self' https://fonts.gstatic.com https://tally.so https://*.tally.so; img-src 'self' https://tally.so https://*.tally.so data:; script-src 'self' https://*.gouv.fr https://tally.so https://*.tally.so; frame-src 'self' https://*.gouv.fr https://tally.so https://*.tally.so; style-src 'self' 'unsafe-inline' https://*.gouv.fr https://tally.so https://*.tally.so"
218
218
" X-Frame-Options " : " deny"
219
219
" X-Content-Type-Options " : " nosniff"
220
220
" X-XSS-Protection " : " 0"
0 commit comments