Change CORS headers for DC (!81) · Merge requests · umwelt-info / infrastruktur / testbetrieb

David Rauh requested to merge Change-CORS-headers-for-DC into main Feb 26, 2024

Content-Security-Policy was extended to allow inline scripts. Cross-Origin-Resource-Policy was changed to the default same-site and the allowed origins for web-sites were set in the keycloak realm (not part of the MR). For the keycloak popup the Cross-Origin-Opener-Policy was set to unsafe-none, other settings would not allow opening the popup and redirection after closing.

Edited Feb 26, 2024 by David Rauh

Change CORS headers for DC

Merge request reports