janbrasna
commented
4 months ago wontfix as this won't be used here anymore:
-
14596
Closed janbrasna closed 4 months ago
janbrasna
commented
4 months ago wontfix as this won't be used here anymore:
Description
The production Pocket bedrock CSP includes both
EXTRA_CSP_DEFAULT_SRCand_csp_connect_extra_for_dev, like if the wrong www-config is picked up (because I don't see any logic bug in the django/csp code, and it works correctly for mozorg mode — so it has to be the env values for getpocket.com that cause this?)Steps to reproduce
~ $ http -v HEAD https://getpocket.com/en/about/
Expected result
Actual result