The default values can be overwritten by setting the configuration item security_content_policy in the configuration file, opCommon.json.

The default values included in the source code are:

"connect-src 'self' opmantek.com community.opmantek.com services.opmantek.com ws: wss: maps.google.com maps.gstatic.com; font-src 'self' fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; manifest-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' maps.googleapis.com maps.google.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; worker-src 'self';"

Depending on what you need to achieve you will need to update your configuration to include some or all of the default options as well as options specific to your environment.

For example, if you were going to include one of the Opmantek applications in an iframe, you would need to include directives for frame-ancestors and frame-src, e.g.

frame-ancestors https://*.yourdomain.com
frame-src https://*.yourdomain.com

Note that here we have used *.yourdomain.com as a placeholder; this would need to be your domain name.

The total configuration would be something like the following:

"security_content_policy": "connect-src 'self' opmantek.com community.opmantek.com services.opmantek.com ws: wss: maps.google.com maps.gstatic.com; font-src 'self' fonts.gstatic.com; form-action 'self'; frame-ancestors https://*.yourdomain.com; frame-src https://*.yourdomain.com; manifest-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' maps.googleapis.com maps.google.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; worker-src 'self';"
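Because the configuration item replaces the whole default string, a hand-edited value can silently drop a default directive. The following is an added example, not Opmantek code: it rebuilds the value from the defaults quoted above and changes only the directives you name. The function names and the rejection rules (empty lists, bare wildcards, 'none' mixed with other sources) are assumptions made for this sketch.

```python
import json

# Default policy as quoted on this page.
DEFAULT_POLICY = (
    "connect-src 'self' opmantek.com community.opmantek.com services.opmantek.com "
    "ws: wss: maps.google.com maps.gstatic.com; font-src 'self' fonts.gstatic.com; "
    "form-action 'self'; frame-ancestors 'none'; frame-src 'none'; manifest-src 'none'; "
    "media-src 'none'; object-src 'none'; prefetch-src 'self'; "
    "script-src 'self' 'unsafe-eval' 'unsafe-inline' maps.googleapis.com maps.google.com; "
    "style-src 'self' fonts.googleapis.com 'unsafe-inline'; worker-src 'self';"
)

def parse_policy(policy):
    """Split a CSP string into an ordered {directive: [sources]} mapping."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = tokens[1:]
    return directives

def build_policy(overrides, base=DEFAULT_POLICY):
    """Replace only the named directives; every other default is kept."""
    directives = parse_policy(base)
    for name, sources in overrides.items():
        if not sources:
            raise ValueError(f"no sources given for {name}")
        if "'none'" in sources and len(sources) > 1:
            raise ValueError(f"'none' cannot be combined with other sources in {name}")
        if "*" in sources:
            # Assumption of this sketch: a bare wildcard is treated as a mistake,
            # e.g. frame-ancestors * would let any site frame the application.
            raise ValueError(f"bare wildcard in {name}")
        directives[name.lower()] = list(sources)
    return " ".join(f"{n} {' '.join(s)};" for n, s in directives.items())

def config_fragment(overrides):
    """Return the key/value line to place in opCommon.json."""
    return f'"security_content_policy": {json.dumps(build_policy(overrides))}'

if __name__ == "__main__":
    framing = ["https://*.yourdomain.com"]  # placeholder domain from this page
    print(config_fragment({"frame-ancestors": framing, "frame-src": framing}))
```

Run with the two framing overrides, it prints the same line as the total configuration shown above.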