
Commit 7b40b02

Merge branch 'release/v0.13.4'
2 parents 27325c7 + 25692ef commit 7b40b02

3 files changed

Lines changed: 9 additions & 1 deletion


RELEASE-NOTES.md

Lines changed: 7 additions & 0 deletions
@@ -1,3 +1,10 @@
1+
### v0.13.4
2+
3+
##### Bugfixes
4+
- Bugfix deployment scripts ([#626](https://github.com/Code-Poets/sheetstorm/pull/626))
5+
6+
7+
18
### v0.13.3
29

310
##### Features
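
Review bot: The entry added on line 4, "Bugfix deployment scripts", does not tell an operator that this release also loosens the Content-Security-Policy header: the shared-security-headers.conf.j2 change in this same commit adds 'unsafe-inline' to script-src and style-src. Suggest a second bullet that names the CSP change so it is visible in the release notes. Lines 5 to 7 also add three blank lines before "### v0.13.3" where one would do.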

sheetstorm-deployment/deploy.yml

Lines changed: 1 addition & 0 deletions
@@ -9,4 +9,5 @@
99
roles:
1010
- { role: maintenance_mode, maintenance_mode: enable }
1111
- configure_sheetstorm_environment
12+
- configure_nginx
1213
- { role: maintenance_mode, maintenance_mode: disable }
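
Review bot: configure_nginx on line 12 runs between "maintenance_mode: enable" and "maintenance_mode: disable", so if the role fails (for example on a template that renders to an invalid nginx config) the play stops with the site left in maintenance mode. The role's tasks are not part of this diff, so it is worth confirming that it validates the rendered config (nginx -t) before reloading. A short comment here on why nginx is now reconfigured on every deploy would also help.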

sheetstorm-deployment/roles/configure_nginx/templates/shared-security-headers.conf.j2

Lines changed: 1 addition & 1 deletion
@@ -11,4 +11,4 @@ add_header X-XSS-Protection "1; mode=block";
1111
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
1212

1313
# Add Content Security Policy header that defines from which sources, browser can download content.
14-
add_header Content-Security-Policy "base-uri 'self'; form-action 'self'; default-src 'none'; script-src 'self' {% for source in content_security_policy_header.allow_script_sources %}{{ source }} {% endfor %}; connect-src 'self'; img-src 'self' {% for source in content_security_policy_header.allow_image_sources %}{{ source }} {% endfor %}; font-src 'self' {% for source in content_security_policy_header.allow_font_sources %}{{ source }} {% endfor %}; style-src 'self' {% for source in content_security_policy_header.allow_stylesheet_sources %}{{ source }} {% endfor %}; object-src 'none'; frame-ancestors 'none';" always;
14+
add_header Content-Security-Policy "base-uri 'self'; form-action 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' {% for source in content_security_policy_header.allow_script_sources %}{{ source }} {% endfor %}; connect-src 'self'; img-src 'self' {% for source in content_security_policy_header.allow_image_sources %}{{ source }} {% endfor %}; font-src 'self' {% for source in content_security_policy_header.allow_font_sources %}{{ source }} {% endfor %}; style-src 'self' 'unsafe-inline' {% for source in content_security_policy_header.allow_stylesheet_sources %}{{ source }} {% endfor %}; object-src 'none'; frame-ancestors 'none';" always;
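
Review bot: Adding 'unsafe-inline' to script-src on line 14 removes most of the XSS protection this policy provided, because the browser will now execute any inline script element or event-handler attribute that ends up in a page. If the goal is to unblock specific inline scripts, prefer moving them into files served from 'self', or allowing them with a per-response nonce or 'sha256-...' hashes. If it has to ship as is, add 'unsafe-inline' to style-src only if styles were actually broken, and update the comment on line 13 to record why the exception exists. Note that browsers ignore 'unsafe-inline' when a nonce or hash source is present in the same directive, so the behaviour of this line depends on what allow_script_sources and allow_stylesheet_sources contain.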
