diff --git a/app/app.js b/app/app.js
index 9b448a1b440..e45e8400e94 100644
--- a/app/app.js
+++ b/app/app.js
@@ -7,6 +7,8 @@ import config from './config/environment';
import * as Sentry from './sentry';
if (typeof FastBoot === 'undefined') {
+ // eslint-disable-next-line unicorn/prefer-add-event-listener
+ window.onerror = undefined;
Sentry.init();
}
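Review bot: The added `window.onerror = undefined;` in the `typeof FastBoot === 'undefined'` branch has no comment saying which handler it clears or why that has to happen before `Sentry.init()`; the eslint-disable line above it only silences the lint rule. If it removes an early handler installed by the inline script this commit seems to add to `app/index.html` (that script's content is not visible here), say so next to the assignment, for example `// clear the bootstrap onerror handler set in index.html; Sentry installs its own in init()`. Without that note the line looks like dead code, and removing it later could presumably leave two handlers competing for the same errors.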
diff --git a/app/index.html b/app/index.html
index 4bd0c50ee1f..81dac870e59 100644
--- a/app/index.html
+++ b/app/index.html
@@ -28,6 +28,8 @@
{{content-for 'body'}}
+
+
diff --git a/config/nginx.conf.erb b/config/nginx.conf.erb
index efea9530f85..b55bfe40d6d 100644
--- a/config/nginx.conf.erb
+++ b/config/nginx.conf.erb
@@ -211,7 +211,7 @@ http {
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
- add_header Content-Security-Policy "default-src 'self'; connect-src 'self' *.ingest.sentry.io https://docs.rs https://<%= s3_host(ENV) %>; script-src 'self' 'unsafe-eval' https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://code.cdn.mozilla.net; font-src https://code.cdn.mozilla.net; img-src *; object-src 'none'";
+ add_header Content-Security-Policy "default-src 'self'; connect-src 'self' *.ingest.sentry.io https://docs.rs https://<%= s3_host(ENV) %>; script-src 'self' 'unsafe-eval' https://www.gstatic.com 'sha256-n1+BB7Ckjcal1Pr7QNBh/dKRTtBQsIytFodRiIosXdE='; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://code.cdn.mozilla.net; font-src https://code.cdn.mozilla.net; img-src *; object-src 'none'";
add_header Access-Control-Allow-Origin "*";
add_header Strict-Transport-Security "max-age=31536000" always;
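Review bot: The `'sha256-n1+BB7Ckjcal1Pr7QNBh/dKRTtBQsIytFodRiIosXdE='` source added to `script-src` is tied byte-for-byte to one inline script, presumably the one added to `app/index.html` in this commit, and nothing in the config records that coupling. Any later edit to that script, including whitespace, makes the browser refuse to run it. The policy has no `report-uri` or `report-to` directive, so such a block would only show up in the browser console. Add a comment above the header such as `# sha256 source in script-src = hash of the inline <script> in app/index.html; recompute it whenever that script changes`, and consider a test or build step that computes the hash from the file and compares it with this value. Preferring a hash over `'unsafe-inline'` is the right choice here; the remaining gap is only that the pairing is undocumented and unchecked.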