674cd4a88c
Our Supervisor callback handler now needs to load JS and CSS from the provider endpoint, and this JS needs to make a `fetch()` call across origins (to post the form to the CLI callback). This requires a custom Content-Security-Policy compared to other pages we render. Signed-off-by: Matt Moyer <moyerm@vmware.com> |
||
---|---|---|
.. | ||
securityheader_test.go | ||
securityheader.go |