Allow CSP to be put in enforcing mode

[rails.git] / config / example.application.yml

diff --git a/config/example.application.yml b/config/example.application.yml
index 5c60ccd16b4f9e6042896f5e222822c7df3a2349..b6884825b5c68f137a368a16053f68300a692bf3 100644 (file)
--- a/config/example.application.yml
+++ b/config/example.application.yml
@@ -74,7 +74,7 @@ defaults: &defaults
   # Enable legacy OAuth 1.0 support
   oauth_10_support: true
   # URL of Nominatim instance to use for geocoding
-  nominatim_url: "//nominatim.openstreetmap.org/"
+  nominatim_url: "https://nominatim.openstreetmap.org/"
   # Default editor
   default_editor: "id"
   # OAuth consumer key for Potlatch 2
@@ -97,12 +97,11 @@ defaults: &defaults
     # Blacklist here
     - ".*\\.here\\.com[/:].*"
   # URL of Overpass instance to use for feature queries
-  overpass_url: "//overpass-api.de/api/interpreter"
+  overpass_url: "https://overpass-api.de/api/interpreter"
   # Routing endpoints
-  graphhopper_url: "//graphhopper.com/api/1/route"
-  mapquest_directions_url: "//open.mapquestapi.com/directions/v2/route"
-  mapzen_valhalla_url: "//valhalla.mapzen.com/route"
-  osrm_url: "//router.project-osrm.org/route/v1/driving/"
+  graphhopper_url: "https://graphhopper.com/api/1/route"
+  mapquest_directions_url: "https://open.mapquestapi.com/directions/v2/route"
+  osrm_url: "https://router.project-osrm.org/route/v1/driving/"
   # External authentication credentials
   #google_auth_id: ""
   #google_auth_secret: ""
@@ -117,12 +116,12 @@ defaults: &defaults
   #wikipedia_auth_secret: ""
   # MapQuest authentication details
   #mapquest_key: ""
-  # Mapzen authentication details
-  #mapzen_valhalla_key: ""
   # Thunderforest authentication details
   #thunderforest_key: ""
   # Key for generating TOTP tokens
   #totp_key: ""
+  # Enforce Content-Security-Policy
+  csp_enforce: false
   # URL for reporting Content-Security-Policy violations
   #csp_report_url: ""