[DEP] adjusted Dockerfile; adjusted CSP

dameyerdave · dameyerdave · commit 33466fcf32fa · 2022-12-13T13:24:23.000+01:00
diff --git a/svip-o-vue/Dockerfile b/svip-o-vue/Dockerfile
@@ -10,6 +10,6 @@ RUN npm install
 RUN npx browserslist@latest --update-db
 
 # mask out the host's node_modules from being included in the container, even when bind-mounting
-VOLUME /app/node_modules/
+# VOLUME /app/node_modules/
 
 # COPY . ./
diff --git a/svip_api/svip_server/settings/base.py b/svip_api/svip_server/settings/base.py
@@ -237,7 +237,7 @@
 # Allow some urls to be integrated in iframes
 CSP_DEFAULT_SRC = ["'self'"]
 CSP_SCRIPT_SRC = ["https://cdnjs.cloudflare.com",
-                  "'self' 'unsafe-inline' 'unsafe-eval'"]
+                  "'unsafe-inline'"]
 CSP_STYLE_SRC = ["https://cdnjs.cloudflare.com",
                  "https://fonts.googleapis.com",
                  "'self' 'unsafe-inline'"]
