fix: remove unsafe-inline in src policy

pagopa · Oct 17, 2024 · e2a254c · e2a254c
1 parent 4a0c4c4
commit e2a254c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/domains/checkout-app/05_checkout_fe.tf b/src/domains/checkout-app/05_checkout_fe.tf
@@ -80,7 +80,7 @@ module "checkout_cdn" {
       {
         action = "Append"
         name   = local.content_security_policy_header_name
-        value  = "script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.recaptcha.net https://recaptcha.net https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://${local.npg_sdk_hostname};"
+        value  = "script-src 'self' https://www.google.com https://www.gstatic.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.recaptcha.net https://recaptcha.net https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://${local.npg_sdk_hostname};"
       },
       {
         action = "Append"