| -rw-r--r-- | netlify-pr.go | 6 | ||||
| -rw-r--r-- | netlify.toml | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/netlify-pr.go b/netlify-pr.go
index afdd292..6e6eb54 100644
--- a/netlify-pr.go
+++ b/netlify-pr.go
@@ -47,9 +47,9 @@ func main() {
 repStr = "${1} app.netlify.com${3}"
 newStr = reStr.ReplaceAllString(newStr, repStr)
- // -> script-src 'self' *.googletagmanager.com;
- // <- script-src 'self' *.googletagmanager.com netlify-cdp-loader.netlify.app;
- reStr = regexp.MustCompile(`(script-src) ('self' \*\.googletagmanager.com)(;)`)
+ // -> script-src 'self' www.googletagmanager.com hypothes.is;
+ // <- script-src 'self' www.googletagmanager.com hypothes.is netlify-cdp-loader.netlify.app;
+ reStr = regexp.MustCompile(`(script-src) ('self' www\.googletagmanager\.com hypothes\.is)(;)`)
 repStr = "${1} ${2} netlify-cdp-loader.netlify.app${3}"
 newStr = reStr.ReplaceAllString(newStr, repStr)
diff --git a/netlify.toml b/netlify.toml
index 8edb56f..f3b429b 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -89,11 +89,11 @@
 # (including inline scripts and event-handling HTML attributes).
 Content-Security-Policy = """
 default-src 'self';
- script-src 'self' www.googletagmanager.com;
+ script-src 'self' www.googletagmanager.com hypothes.is;
 style-src 'self';
- img-src 'self' data: www.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net;
+ img-src 'self' data: *.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net;
 font-src 'self';
- connect-src 'self' www.google-analytics.com analytics.google.com www.googletagmanager.com stats.g.doubleclick.net;
+ connect-src 'self' *.google-analytics.com analytics.google.com www.googletagmanager.com stats.g.doubleclick.net;
 media-src 'self';
 object-src 'self';
 frame-src 'none'; |
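Review bot: The pattern on the new `regexp.MustCompile` line hard-codes the whole script-src source list, so it has to be edited in lockstep with netlify.toml, and when the two drift `ReplaceAllString` returns its input unchanged with no signal. The removed pattern expected `*.googletagmanager.com` while the toml's old value was `www.googletagmanager.com`, which suggests that drift has already happened once. A silent miss fails closed (the preview keeps the stricter policy), but the loader is then blocked without explanation. Matching the directive generically, for example `(script-src) ([^;]*)(;)`, would remove the coupling; alternatively test `reStr.MatchString(newStr)` before replacing and fail the build when it is false. main() starts and ends outside the hunk, so how newStr is read and written back is not visible here.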
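Review bot: The added `hypothes.is` source in script-src lets any script served from that host run in the page's origin, and nothing near the policy records why it or the widened `*.google-analytics.com` entries in img-src and connect-src are needed. A TOML comment above the `Content-Security-Policy` key (not inside the `"""` value, where it would become part of the header) would cover it, e.g. `# script-src hypothes.is: third-party annotation embed; *.google-analytics.com: regional GA endpoints`, adjusted to the real reasons. If the hypothes.is script is an embed that loads further assets or opens a frame, the unchanged `style-src 'self'`, `connect-src` and `frame-src 'none'` lines would likely still block it, so the browser console or CSP reports should be checked on a deploy preview. The policy continues past the end of the hunk.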
