Remove obsolete block-all-mixed-content

This was removed in all major browsers with no replacement.
See https://www.w3.org/TR/mixed-content/#strict-checking for details on the obsolescence.
This commit is contained in:
Liam 2024-06-23 11:52:20 -04:00
parent fb24d09760
commit 2e5b0678cd

View file

@ -34,8 +34,7 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
{:form_action, ["'self'"]},
{:manifest_src, ["'self'"]},
{:img_src, ["'self'", "blob:", "data:", cdn_uri, camo_uri]},
{:media_src, ["'self'", "blob:", "data:", cdn_uri, camo_uri]},
{:block_all_mixed_content, []}
{:media_src, ["'self'", "blob:", "data:", cdn_uri, camo_uri]}
]
csp_value =