Removed Sandbox CSP

Swapnamol · Swapnamol · commit 62c054a0e4f1 · 2025-03-20T10:06:07.000Z
diff --git a/WebAPI/LearningHub.Nhs.API/Program.cs b/WebAPI/LearningHub.Nhs.API/Program.cs
@@ -40,7 +40,7 @@
 
     app.Use(async (context, next) =>
     {
-        context.Response.Headers.Add("content-security-policy", "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';");
+        context.Response.Headers.Add("content-security-policy", "object-src 'none'; frame-ancestors 'none'; base-uri 'self';");
         context.Response.Headers.Add("Referrer-Policy", "no-referrer");
         context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
         context.Response.Headers.Add("X-Content-Type-Options", "nosniff");

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@`
`40`	`40`
`41`	`41`	`app.Use(async (context, next) =>`
`42`	`42`	`{`
`43`		`- context.Response.Headers.Add("content-security-policy", "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';");`
	`43`	`+ context.Response.Headers.Add("content-security-policy", "object-src 'none'; frame-ancestors 'none'; base-uri 'self';");`
`44`	`44`	`context.Response.Headers.Add("Referrer-Policy", "no-referrer");`
`45`	`45`	`context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains");`
`46`	`46`	`context.Response.Headers.Add("X-Content-Type-Options", "nosniff");`