From 68477ee79d9db1d695c05ca3138accafea70fc91 Mon Sep 17 00:00:00 2001
From: Daniel Arnauer <daniel.arnauer@accenture.com>
Date: Tue, 2 Nov 2021 09:14:31 +0100
Subject: [PATCH] UI: fix nginx when fetching data from outside

---
 frontend/nginx.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index 139dedbb8..23e6aebc2 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
@@ -4,7 +4,8 @@ server {
 
     add_header X-Frame-Options "sameorigin";
     add_header X-Content-Type-Options "nosniff";
-    add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; child-src 'self' blob:; frame-ancestors 'self'; form-action 'self'";
+    # If data mus be fetched from external servers (e.g. exchange rates), add the URL to connect-src:
+    add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://sdw-wsrest.ecb.europa.eu/service/data/EXR/; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; child-src 'self' blob:; frame-ancestors 'self'; form-action 'self'";
 
     #charset koi8-r;
     #access_log  /var/log/nginx/host.access.log  main;