authorSerghei Iakovlev <egrep@protonmail.ch>2022-06-19 13:13:35 +0200
committerSerghei Iakovlev <egrep@protonmail.ch>2022-06-19 13:13:35 +0200
commit92f8a79ee0791e718a550d491b9ecae0e09feb60 (patch)
treed31eff0830d7e7a6cef224fd2e4b650847a24283
parenta3dfa0b84eba7ed2bf02e9113214ee48f9774691 (diff)
downloadgohugo-theme-ed-92f8a79ee0791e718a550d491b9ecae0e09feb60.tar.gz
Improve Content-Security-Policy header
-rw-r--r--netlify.toml2
1 files changed, 1 insertions, 1 deletions
diff --git a/netlify.toml b/netlify.toml
index e15dc10..7bf3d3c 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -68,7 +68,7 @@
# files received from those allowed domains, ignoring all other scripts
# (including inline scripts and event-handling HTML attributes).
#
- Content-Security-Policy = "base-uri 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'self'; media-src 'self'; worker-src 'self'; img-src 'self' data: *.google-analytics.com *.googletagmanager.com; script-src 'self' *.netlify.app *.netlify.com *.googletagmanager.com; form-action 'self' submit-form.com; frame-ancestors 'none'; manifest-src 'self'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com; report-uri https://4908d40959a9f3d63d9095d1afd87166.report-uri.com/r/d/csp/enforce"
+ Content-Security-Policy = "default-src 'self'; script-src 'self' *.netlify.app *.netlify.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google-analytics.com *.googletagmanager.com; font-src 'self'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com; media-src 'self'; object-src 'self'; frame-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self' submit-form.com; upgrade-insecure-requests; base-uri 'self'; manifest-src 'self'; report-uri https://4908d40959a9f3d63d9095d1afd87166.report-uri.com/r/d/csp/enforce"
[[headers]]
for = '/feeds/*.xml'
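Review bot: The `script-src` list on the added line still trusts `*.netlify.app` and `*.netlify.com`, which are shared hosting domains where any account can publish files, so the allowlist does not limit scripts to origins this site controls. If Netlify-hosted scripts are needed at all (not visible from this hunk), name the exact host instead, e.g. `script-src 'self' <your-site>.netlify.app *.googletagmanager.com` (placeholder host), or move to nonce/hash-based sources. Separately, `object-src 'self'` could be tightened to `object-src 'none'` unless the theme really embeds plugin content. The `[[headers]]` table this key belongs to starts above the hunk, so the paths it applies to cannot be confirmed from here.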