Replace CSP plugin-types directive with object-src The HTTP Content-Security-Policy (CSP) plugin-types directive has been marked as deprecated and suggests set object-src none to disallow plugins. Signed-off-by: Brian Ma <chma0@nuvoton.com> Change-Id: Ie532deeb8d8cb0d1de275b5d864bd20dc5f11ce7

commit: 2bbdb3b7568284fe0739d263dad7cbee95815e4a [log] [tgz]
author: Brian Ma <chma0@nuvoton.com> Thu Apr 21 14:03:46 2022 +0800
committer: George Keishing <gkeishin@gmail.com> Thu Apr 21 18:14:16 2022 +0000
tree: aea88b5e997532f96c5a0fd53f820c085a818917
parent: 3612f3aae25f7102d78e38b6b8c1b3ceb1c31577 [diff] [blame]
diff --git a/redfish/service_root/test_service_root_security.robot b/redfish/service_root/test_service_root_security.robot
index 4640ecf..c0a8d89 100644
--- a/redfish/service_root/test_service_root_security.robot
+++ b/redfish/service_root/test_service_root_security.robot

@@ -16,7 +16,7 @@
 ...                     X-Frame-Options=DENY
 ...                     Pragma=no-cache
 ...                     Cache-Control=no-Store,no-Cache
-...                     Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; plugin-types 'none'; base-uri 'none'
+...                     Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'
 ...                     X-XSS-Protection=1; mode=block
 ...                     X-Content-Type-Options=nosniff
commit	2bbdb3b7568284fe0739d263dad7cbee95815e4a	[log] [tgz]
author	Brian Ma <chma0@nuvoton.com>	Thu Apr 21 14:03:46 2022 +0800
committer	George Keishing <gkeishin@gmail.com>	Thu Apr 21 18:14:16 2022 +0000
tree	aea88b5e997532f96c5a0fd53f820c085a818917
parent	3612f3aae25f7102d78e38b6b8c1b3ceb1c31577 [diff] [blame]