Configuration has been moved from config/environment.js to config/content-security-policy.js.
The configuration keys have been changed as well. Please follow these steps for migrating your existing configuration:
- Create
config/content-security-policy.jsfile with default configuration as shown in readme. - If existing config defines a custom policy object under
contentSecurityPolicykey, copy that one topolicykey in newly created config file. The application's policy object is not merged with default policy object anymore. Therefore you should add missing keys from default policy object to your application specific policy directives. - If existing config contains
contentSecurityPolicyHeader = "Content-Security-Policy", includereportOnly: false. - If existing config contains
contentSecurityPolicyMeta = true, includedelivery: ['header', 'meta'].
Please refer to documentation in readme for details on new configuration syntax.