fix: update content security header

This commit is contained in:
Henk Verlinde 2021-03-16 16:19:15 +01:00
parent e0996b36cb
commit 64efe3ff00
2 changed files with 2 additions and 2 deletions

View File

@ -2,7 +2,7 @@
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; frame-ancestors https://jamstackthemes.dev; manifest-src 'self'; connect-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self' 'nonce-wPV5wYvXV9ifrqhyVhpMHg=='; style-src 'self' Content-Security-Policy: default-src 'self'; frame-ancestors https://jamstackthemes.dev; manifest-src 'self'; connect-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self'
X-Frame-Options: SAMEORIGIN X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin Referrer-Policy: strict-origin
Feature-Policy: geolocation 'self' Feature-Policy: geolocation 'self'

View File

@ -82,7 +82,7 @@
{{ end -}} {{ end -}}
{{ if .Site.Params.options.kaTex -}} {{ if .Site.Params.options.kaTex -}}
<script src="{{ $katex.Permalink }}" integrity="{{ $katex.Data.Integrity }}" crossorigin="anonymous" defer></script> <script src="{{ $katex.Permalink }}" integrity="{{ $katex.Data.Integrity }}" crossorigin="anonymous" defer></script>
<script src="{{ $katexAutoRender.Permalink }}" nonce="wPV5wYvXV9ifrqhyVhpMHg==" integrity="{{ $katexAutoRender.Data.Integrity }}" crossorigin="anonymous" onload="renderMathInElement(document.body);" defer></script> <script src="{{ $katexAutoRender.Permalink }}" integrity="{{ $katexAutoRender.Data.Integrity }}" crossorigin="anonymous" onload="renderMathInElement(document.body);" defer></script>
{{ end -}} {{ end -}}
{{ if .Site.Params.options.flexSearch -}} {{ if .Site.Params.options.flexSearch -}}
<script src="{{ $index.Permalink }}" integrity="{{ $index.Data.Integrity }}" crossorigin="anonymous" defer></script> <script src="{{ $index.Permalink }}" integrity="{{ $index.Data.Integrity }}" crossorigin="anonymous" defer></script>