diff --git a/backend/src/main/java/ch/puzzle/okr/SecurityConfig.java b/backend/src/main/java/ch/puzzle/okr/SecurityConfig.java index 7bd87b4c2f..5b2cdf77c9 100644 --- a/backend/src/main/java/ch/puzzle/okr/SecurityConfig.java +++ b/backend/src/main/java/ch/puzzle/okr/SecurityConfig.java @@ -47,8 +47,9 @@ private HttpSecurity setHeaders(HttpSecurity http) throws Exception { + "script-src 'self' 'unsafe-inline';" + " style-src 'self' 'unsafe-inline';" + " object-src 'none';" + " base-uri 'self';" + " connect-src 'self' https://sso.puzzle.ch http://localhost:8544;" - + " font-src 'self';" + " frame-src 'self';" + " img-src 'self' data: ;" - + " manifest-src 'self';" + " media-src 'self';" + " worker-src 'none';")) + + " font-src 'self';" + " frame-src 'self';" + + " img-src 'self' data: blob:;" + " manifest-src 'self';" + + " media-src 'self';" + " worker-src 'none';")) .crossOriginEmbedderPolicy(coepCustomizer -> coepCustomizer .policy(CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy.REQUIRE_CORP)) .crossOriginOpenerPolicy(coopCustomizer -> coopCustomizer diff --git a/backend/src/main/resources/db/h2-db/data-test-h2/V100_0_0__TestData.sql b/backend/src/main/resources/db/h2-db/data-test-h2/V100_0_0__TestData.sql index 8b3131a332..50741ef6b3 100644 --- a/backend/src/main/resources/db/h2-db/data-test-h2/V100_0_0__TestData.sql +++ b/backend/src/main/resources/db/h2-db/data-test-h2/V100_0_0__TestData.sql @@ -42,6 +42,8 @@ values (1, 'GJ 22/23-Q4', '2023-04-01', '2023-06-30'), (8, 'GJ 23/24-Q3', '2024-01-01', '2024-03-31'), (9, 'GJ 23/24-Q4', '2024-04-01', '2024-06-30'), (10, 'GJ 24/25-Q1', '2024-07-01', '2024-09-30'), + (11, 'GJ 24/25-Q2', '2024-10-01', '2024-12-31'), + (199, 'Backlog', null, null); insert into team (id, version, name)
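Review bot: The `blob:` source added to `img-src` in the SecurityConfig.java hunk has no comment naming the feature that loads images from blob URLs, so a later reviewer cannot tell whether this relaxation of the policy is still required. I would add a line above the directive such as `// img-src blob: is required by FEATURE_NAME (images rendered from object URLs); drop it when that feature goes away`, with the placeholder filled in by the author. On its own `blob:` should add little exposure, since blob URLs are normally created by script already running in the page, but the context lines show `script-src 'self' 'unsafe-inline'`, so this policy would not stop injected inline script and every extra source widens what such script can display. The body of setHeaders starts and ends outside the hunk, so I cannot see whether the header value is covered by a test; if one exists, it should assert the new `img-src` directive.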