Allow csp connecting to oidcng .well-known

OpenConext · Oct 25, 2023 · 5ba65d3 · 5ba65d3
1 parent d57b5b2
commit 5ba65d3
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/group_vars/all.yml b/group_vars/all.yml
@@ -36,7 +36,7 @@ httpd_csp:
   lenient_with_static_img_with_oidcng: "default-src; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' {{ oidcng_vhost }}; img-src 'self' {{ static_vhost }} data:; form-action 'self'; base-uri 'none'"
   strict: "default-src; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; img-src 'self' data:; form-action 'self'; base-uri 'none'"
   strict_with_static_img: "default-src; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; img-src 'self' {{ static_vhost }} data:; form-action 'self'; base-uri 'none'"
-  lenient_with_static_img_for_idp: "default-src; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; img-src 'self' {{ static_vhost }} data:; form-action 'self' *.{{ base_domain }}; base-uri 'none'"
+  lenient_with_static_img_for_idp: "default-src; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' {{ oidcng_vhost }}; img-src 'self' {{ static_vhost }} data:; form-action 'self' *.{{ base_domain }}; base-uri 'none'"
 
   nothing: "default-src 'none'; frame-ancestors 'none'; form-action 'none'; base-uri 'none'"