Update app.yml CSP Directives Formatting

Piping in directives on new lines allows for easier diff viewing when applying new changes.
KostelidisDev · Aug 8, 2024 · f3bca15 · f3bca15
1 parent 70619d9
commit f3bca15
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/config/app.yml b/config/app.yml
@@ -67,7 +67,15 @@ all:
       # 'Content-Security-Policy-Report-Only' or 'Content-Security-Policy'
       response_header: Content-Security-Policy-Report-Only
       # Configure CSP response directives.
-      directives: "default-src 'self'; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data: https://www.gravatar.com/avatar/ https://*.google-analytics.com https://*.googletagmanager.com blob:; script-src 'self' https://*.googletagmanager.com 'nonce' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:; style-src 'self' 'nonce' https://fonts.googleapis.com; worker-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; frame-ancestors 'self';"
+      directives: |
+        default-src 'self'; 
+        font-src 'self' https://fonts.gstatic.com; 
+        img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data: https://www.gravatar.com/avatar/ https://*.google-analytics.com https://*.googletagmanager.com blob:; 
+        script-src 'self' https://*.googletagmanager.com 'nonce' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:; 
+        style-src 'self' 'nonce' https://fonts.googleapis.com; 
+        worker-src 'self' blob:; 
+        connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; 
+        frame-ancestors 'self';
 
   ldap:
       enable_tls_encryption: true