From 412014c1d91be57b6aeef62be83f5032803bca5d Mon Sep 17 00:00:00 2001
From: Timo Bejan <timo.bejan.ext@iqser.com>
Date: Wed, 10 Nov 2021 14:40:26 +0200
Subject: [PATCH] csp fix

---
 docker/common/nginx/nginx.conf | 4 +---
 docker/red-ui/Dockerfile       | 2 +-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/docker/common/nginx/nginx.conf b/docker/common/nginx/nginx.conf
index ecae3e9cf..d392d8a36 100644
--- a/docker/common/nginx/nginx.conf
+++ b/docker/common/nginx/nginx.conf
@@ -6,9 +6,7 @@ server {
   root /usr/share/nginx/html;
   # SSL stuff for cloudflare proxy-ing - ignores SSL certificate and uses SNI
 
-  # add_header Content-Security-Policy "default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-eval'; img-src 'self' data: blob:; font-src 'self' data: blob:; script-src-elem 'self' data: blob:;";
-
-
+  add_header Content-Security-Policy "default-src 'self'; script-src 'self' data: 'unsafe-eval'; script-src-elem 'self' data:; script-src-attr 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:";
 
   proxy_ssl_verify off;
   proxy_read_timeout 1m;
diff --git a/docker/red-ui/Dockerfile b/docker/red-ui/Dockerfile
index deb147e08..017b7067f 100644
--- a/docker/red-ui/Dockerfile
+++ b/docker/red-ui/Dockerfile
@@ -55,7 +55,7 @@ RUN chmod g+r -R /usr/share/nginx/html
 ## Change permissions to enable openShift functionality
 RUN chmod -R g+rwx /var/cache/nginx /var/run /var/log/nginx /usr/share /etc/nginx
 
-# USER 1001
+USER 1001
 
 COPY docker/red-ui/docker-entrypoint.sh /
 CMD ["/docker-entrypoint.sh"]