Closed jlledom closed 2 days ago
What this PR does / why we need it:
Running Rapidast against 3scale reveals the following warning about apisonator:
Content Security Policy (CSP) Header Not Set
In order to fix the warning, we must return the CSP header in all requests to the listener.
Which issue(s) this PR fixes
https://issues.redhat.com/browse/THREESCALE-10688
Verification steps
Curl the listener with the appropriate parameters:
curl -v 'http://localhost:3001/transactions/authrep.xml?service_token=<TOKEN>&service_id=<SERVICE_ID>&user_key=<USER_KEY>&usage%5Bhits%5D=1'
You should see the CSP header in the response:
content-security-policy: default-src 'self'
Special notes for your reviewer:
Some useful links about CSP:
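An added example, not part of the PR or apisonator's code: a Rack-style middleware that sets the policy from the verification step on every response, including error responses, and leaves alone a policy a downstream app already set. The `CSPHeader` class, the three stand-in apps and `csp_of` are hypothetical names constructed for this illustration.

```ruby
# Added example: a Rack-style middleware, not apisonator's actual code.
# A Rack app is any object responding to #call(env) -> [status, headers, body],
# so this runs without requiring the rack gem.
class CSPHeader
  HEADER = 'content-security-policy'.freeze
  DEFAULT_POLICY = "default-src 'self'".freeze # value shown in the PR's verification step

  def initialize(app, policy: DEFAULT_POLICY)
    @app = app
    @policy = policy
  end

  def call(env)
    status, headers, body = @app.call(env)
    headers = headers.dup if headers.frozen?
    # Header names are case-insensitive: keep a policy a downstream app already set.
    unless headers.keys.any? { |k| k.to_s.downcase == HEADER }
      headers[HEADER] = @policy
    end
    [status, headers, body]
  end
end

# Constructed stand-ins for listener endpoints (hypothetical, for illustration only).
OK_APP = ->(_env) { [200, { 'content-type' => 'application/xml' }, ['<status/>']] }
NOT_FOUND_APP = ->(_env) { [404, {}.freeze, ['']] }
CUSTOM_APP = ->(_env) { [200, { 'Content-Security-Policy' => "default-src 'none'" }, ['']] }

# Returns the effective CSP value of a response, or nil when the header is
# missing, which is the condition the scanner warning describes.
def csp_of(response)
  _status, headers, _body = response
  pair = headers.find { |k, _| k.to_s.downcase == CSPHeader::HEADER }
  pair && pair[1]
end

# Runs each stand-in app behind the middleware and collects the resulting policy.
def demo
  env = { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/transactions/authrep.xml' }
  [OK_APP, NOT_FOUND_APP, CUSTOM_APP].map { |app| csp_of(CSPHeader.new(app).call(env)) }
end

p demo if __FILE__ == $PROGRAM_NAME
```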