Correct CSP header

author: Serghei Iakovlev <egrep@protonmail.ch> 2022-07-24 21:04:38 +0200
committer: Serghei Iakovlev <egrep@protonmail.ch> 2022-07-24 21:04:38 +0200
commit: f3e7ebb4a9ef2463fef4de2f9b05fc8b70adba79 (patch)
tree: 1adaad554a3057a2516cb9af157597a7dc339885
parent: 2096b43f2c4006e28fef713136142d33ecbf27be (diff)
download: gohugo-theme-ed-f3e7ebb4a9ef2463fef4de2f9b05fc8b70adba79.tar.gz
2 files changed, 5 insertions, 5 deletions
diff --git a/netlify-pr.go b/netlify-pr.go
index f3e5057..58630fd 100644
--- a/netlify-pr.go
+++ b/netlify-pr.go
@@ -41,10 +41,10 @@ func main() {
 		repStr = "${1} ${2} blob: https://app.netlify.com${3}"
 		newStr = reStr.ReplaceAllString(newStr, repStr)
 
-		// -> frame-src 'none';
-		// <- frame-src app.netlify.com;
-		reStr = regexp.MustCompile("(frame-src) ('none')(;)")
-		repStr = "${1} app.netlify.com${3}"
+		// -> frame-src hypothes.is;
+		// <- frame-src hypothes.is app.netlify.com;
+		reStr = regexp.MustCompile(`(frame-src) (hypothes\.is)(;)`)
+		repStr = "${1} ${2} app.netlify.com${3}"
 		newStr = reStr.ReplaceAllString(newStr, repStr)
 
 		// -> script-src 'self' www.googletagmanager.com hypothes.is cdn.hypothes.is;
diff --git a/netlify.toml b/netlify.toml
index 15c85ac..d1e3350 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -96,7 +96,7 @@
     connect-src 'self' *.google-analytics.com analytics.google.com www.googletagmanager.com stats.g.doubleclick.net;
     media-src 'self';
     object-src 'self';
-    frame-src 'none';
+    frame-src hypothes.is;
     worker-src 'self';
     frame-ancestors 'none';
     form-action 'self' submit-form.com;
author	Serghei Iakovlev <egrep@protonmail.ch>	2022-07-24 21:04:38 +0200
committer	Serghei Iakovlev <egrep@protonmail.ch>	2022-07-24 21:04:38 +0200
commit	f3e7ebb4a9ef2463fef4de2f9b05fc8b70adba79 (patch)
tree	1adaad554a3057a2516cb9af157597a7dc339885
parent	2096b43f2c4006e28fef713136142d33ecbf27be (diff)
download	gohugo-theme-ed-f3e7ebb4a9ef2463fef4de2f9b05fc8b70adba79.tar.gz