New lighttpd response headers break device firmware update checks #620
Labels
🐛 bug-report
Something isn't working
🔥 security relevant
This is a security relevant issue/ticket
👍 important
This is an important issue/ticket with high priority
Milestone
Refused to load the script 'https://ccu3-update.homematic.com:8443/firmware/api/firmware/search/DEVICE?ts=1557084332747' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' 'self' *.homematic.com https://gitcdn.xyz ". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
The text was updated successfully, but these errors were encountered: