Merge pull request #3530 from hashicorp/b-allow-cross-origin-connecti…

…ons-in-ui Allow cross origin connections in ui
hashicorp · Nov 10, 2017 · 6fcaab5 · 6fcaab5
2 parents a8e6989 + 344d1df
commit 6fcaab5
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 13 deletions.
diff --git a/GNUmakefile b/GNUmakefile
@@ -199,7 +199,7 @@ dev: ## Build for the current development platform
 	@rm -f $(GOPATH)/bin/nomad
 	@$(MAKE) --no-print-directory \
 		$(DEV_TARGET) \
-		GO_TAGS=nomad_test $(NOMAD_UI_TAG)
+		GO_TAGS="nomad_test $(NOMAD_UI_TAG)"
 	@mkdir -p $(PROJECT_ROOT)/bin
 	@mkdir -p $(GOPATH)/bin
 	@cp $(PROJECT_ROOT)/$(DEV_TARGET) $(PROJECT_ROOT)/bin/

diff --git a/command/agent/bindata_assetfs.go b/command/agent/bindata_assetfs.go
diff --git a/command/agent/http.go b/command/agent/http.go
@@ -250,7 +250,7 @@ func (e *codedError) Code() int {
 func handleUI(h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
 		header := w.Header()
-		header.Add("Content-Security-Policy", "default-src 'none'; connect-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'none'; frame-ancestors 'none'")
+		header.Add("Content-Security-Policy", "default-src 'none'; connect-src *; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'none'; frame-ancestors 'none'")
 		h.ServeHTTP(w, req)
 		return
 	})