Merge pull request #3277 from keeps/cafonso-dev-commons

Updated commons-ip version

pom.xml

@@ -123,7 +123,7 @@
         <solr.version>9.5.0</solr.version>
         <apacheds.version>2.0.0.AM27</apacheds.version>
         <httpcomponents.version>4.5.14</httpcomponents.version>
-        <commons_ip2.version>2.6.2</commons_ip2.version>
+        <commons_ip2.version>2.8.0</commons_ip2.version>
         <metrics.version>3.2.6</metrics.version>
         <roda_community_url>https://roda-community.org</roda_community_url>
         <testng.groups>all</testng.groups>

roda-ui/roda-wui/src/main/java/org/roda/wui/filter/SecurityHeadersFilter.java

@@ -13,9 +13,9 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 
         httpServletResponse.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
         httpServletResponse.setHeader("Content-Security-Policy",
-                "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com " +
-                        "https://www.google-analytics.com https://www.gstatic.com; style-src 'self' 'unsafe-inline'; " +
-                        "img-src 'self'; font-src 'self';");
+        "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com " +
+                "https://www.google-analytics.com https://www.gstatic.com http://127.0.0.1:9876; " +
+                "style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self';");
         httpServletResponse.setHeader("X-XSS-Protection", "1; mode=block");
         httpServletResponse.setHeader("X-Permitted-Cross-Domain-Policies", "none");
         httpServletResponse.setHeader("Feature-Policy", "camera 'none'; fullscreen 'self'; geolocation *; " +