From c24744de5bdd4410d8a2871679f5489c20132ebd Mon Sep 17 00:00:00 2001
From: Shaun Ford
Date: Thu, 17 May 2018 10:49:36 -0700
Subject: [PATCH 1/2] Fix content security policy
---
 .../java/com/nike/cerberus/security/SecurityHttpHeaders.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/nike/cerberus/security/SecurityHttpHeaders.java b/src/main/java/com/nike/cerberus/security/SecurityHttpHeaders.java
index e65f5a209..68ab519c3 100644
--- a/src/main/java/com/nike/cerberus/security/SecurityHttpHeaders.java
+++ b/src/main/java/com/nike/cerberus/security/SecurityHttpHeaders.java
@@ -48,7 +48,7 @@ public class SecurityHttpHeaders extends DefaultHttpHeaders {
 * https://en.wikipedia.org/wiki/Content_Security_Policy
 */
 private static final String CONTENT_SECURITY_POLICY_HEADER_NAME = "Content-Security-Policy";
- private static final String CONTENT_SECURITY_POLICY_HEADER_VALUE = "default-src 'none'; connect-src 'self'; font-src https://web.nike.com; img-src 'self'; script-src 'self'; style-src 'unsafe-inline' https://web.nike.com/; frame-ancestors 'none';";
+ private static final String CONTENT_SECURITY_POLICY_HEADER_VALUE = "default-src 'none'; connect-src 'self'; font-src https://web.nike.com; img-src 'self'; script-src 'self'; style-src 'unsafe-inline' https://web.nike.com/; worker-src 'self' blob:; frame-ancestors 'none';";
 /**
 * Referrer Policy header can restrict referrer information sent by browser
From 0b8cbd2309441a28018552053d2fdc2ea13fceb5 Mon Sep 17 00:00:00 2001
From: Shaun Ford
Date: Thu, 17 May 2018 11:18:56 -0700
Subject: [PATCH 2/2] Update gradle version to 3.15.4
---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle.properties b/gradle.properties
index a6ea88d3d..56e64b916 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -14,6 +14,6 @@
 # limitations under the License.
 #
-version=3.15.3
+version=3.15.4
 groupId=com.nike.cerberus
 artifactId=cms
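Review bot: The new `worker-src 'self' blob:` directive in CONTENT_SECURITY_POLICY_HEADER_VALUE relaxes the policy without recording why: with `blob:` allowed, a worker can be started from content assembled at runtime, so worker code is no longer limited to files served from 'self'. The Javadoc above the constant (it begins outside the hunk) should name the consumer, for example `* worker-src permits blob: because <component> starts its Web Worker from a Blob URL`, so the exception can be dropped once it is no longer needed. Browsers that do not implement worker-src fall back to child-src and, depending on the CSP level they follow, then to script-src or to `default-src 'none'`, so workers may still be blocked there. If those browsers are in scope, consider adding `child-src 'self' blob:` as well and checking the result in each supported browser.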