Improve the content security policy

[rails.git] / config / example.application.yml

diff --git a/config/example.application.yml b/config/example.application.yml
index 6319be709e5e72a7723273f2b77d005857ae6129..ec6048521e00f119b49e0f3d6c2a3bc71b381104 100644 (file)
--- a/config/example.application.yml
+++ b/config/example.application.yml
@@ -90,6 +90,8 @@ defaults: &defaults
     # Current Google imagery URLs have google or googleapis in the domain
     # with a vt or kh endpoint, and x, y and z query parameters
     - ".*\\.google(apis)?\\..*/(vt|kh)[\\?/].*([xyz]=.*){3}.*"
+    # Blacklist VWorld
+    - "http://xdworld\\.vworld\\.kr:8080/.*"
   # URL of Overpass instance to use for feature queries
   overpass_url: "//overpass-api.de/api/interpreter"
   # Routing endpoints
@@ -117,6 +119,8 @@ defaults: &defaults
   #thunderforest_key: ""
   # Key for generating TOTP tokens
   #totp_key: ""
+  # URL for reporting Content-Security-Policy violations
+  #csp_report_url: ""
 
 development:
   <<: *defaults