| author | Serghei Iakovlev <egrep@protonmail.ch> | 2022-06-02 02:01:08 +0200 |
|---|---|---|
| committer | Serghei Iakovlev <egrep@protonmail.ch> | 2022-06-02 02:01:08 +0200 |
| commit | b1080ece9c126a9663df3a081e9c378d05e9319c (patch) | |
| tree | 899c574123302682d893841876094d76a0e00558 | |
| parent | 571d298ec5984f32e44d66803019ca7a8d7976d2 (diff) | |
| download | gohugo-theme-ed-b1080ece9c126a9663df3a081e9c378d05e9319c.tar.gz | |
Debug Content-Security-Policy header
| -rw-r--r-- | netlify.toml | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/netlify.toml b/netlify.toml
index 73f8b86..a36a73c 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -68,14 +68,17 @@
 # (including inline scripts and event-handling HTML attributes).
 #
 # Default to only allow content from the current site
- # Allow images from current site and imgur.com
+ # Allow images from current site and data:
 # Don't allow objects such as Flash and Java
 # Only allow scripts from the current site
 # Only allow styles from the current site
 # Only allow frames from the current site
 # Restrict URL's in the <base> tag to current site
 # Allow forms to submit only to the current site and https://submit-form.com
- # Content-Security-Policy = "default-src 'self'; img-src 'self' https://i.imgur.com; object-src 'none'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 'https://submit-form.com';"
+ #
+ # For more see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+ Content-Security-Policy = "default-src 'self'; img-src 'self' data:; object-src 'none'; script-src 'self';"
+ # style-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 'https://submit-form.com';"
 
 [[headers]]
 for = '/feeds/*.xml'
|
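Review bot: The header enabled here stops at `script-src 'self';`, while `frame-ancestors`, `base-uri` and `form-action` are left on the comment line below it; unlike `style-src`, these three do not fall back to `default-src`, so the live policy puts no restriction on who may frame the site, on `<base>` URLs, or on form targets. In that commented remainder `'https://submit-form.com'` is wrapped in single quotes, which CSP reserves for keywords, so a browser would ignore that source once the line is restored. When debugging is finished I would put the whole policy back on one line: `Content-Security-Policy = "default-src 'self'; img-src 'self' data:; object-src 'none'; script-src 'self'; style-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' https://submit-form.com;"`. The comment "Only allow frames from the current site" also no longer matches `frame-ancestors 'none'`, which governs who may embed this site rather than which frames it loads.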
