From af107f070b3815b463ac071cfad256dfc2d4c975 Mon Sep 17 00:00:00 2001 From: Henk Verlinde Date: Tue, 23 May 2023 15:05:47 +0200 Subject: [PATCH] config: update content security policy --- netlify.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netlify.toml b/netlify.toml index e8d7371..dbc48f8 100644 --- a/netlify.toml +++ b/netlify.toml @@ -50,7 +50,7 @@ Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload" X-Content-Type-Options = "nosniff" X-XSS-Protection = "1; mode=block" - Content-Security-Policy = "default-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self' 'nonce-dXNlcj0iaGVsbG8iLGRvbWFpbj0iaGVua3ZlcmxpbmRlLmNvbSIsZG9jdW1lbnQud3JpdGUodXNlcisiQCIrZG9tYWluKTs=' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk='; style-src 'self'" + Content-Security-Policy = "default-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; img-src 'self' https://avatars.githubusercontent.com data:; script-src 'self' 'nonce-dXNlcj0iaGVsbG8iLGRvbWFpbj0iaGVua3ZlcmxpbmRlLmNvbSIsZG9jdW1lbnQud3JpdGUodXNlcisiQCIrZG9tYWluKTs=' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk='; style-src 'self'" X-Frame-Options = "SAMEORIGIN" Referrer-Policy = "strict-origin" Feature-Policy = "geolocation 'self'"