Diffstat (limited to 'netlify.toml')
-rw-r--r--netlify.toml7
1 files changed, 5 insertions, 2 deletions
diff --git a/netlify.toml b/netlify.toml
index 73f8b86..a36a73c 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -68,14 +68,17 @@
# (including inline scripts and event-handling HTML attributes).
#
# Default to only allow content from the current site
- # Allow images from current site and imgur.com
+ # Allow images from current site and data:
# Don't allow objects such as Flash and Java
# Only allow scripts from the current site
# Only allow styles from the current site
# Only allow frames from the current site
# Restrict URL's in the <base> tag to current site
# Allow forms to submit only to the current site and https://submit-form.com
- # Content-Security-Policy = "default-src 'self'; img-src 'self' https://i.imgur.com; object-src 'none'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 'https://submit-form.com';"
+ #
+ # For more see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+ Content-Security-Policy = "default-src 'self'; img-src 'self' data:; object-src 'none'; script-src 'self';"
+ # style-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 'https://submit-form.com';"
[[headers]]
for = '/feeds/*.xml'
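Review bot: The enabled `Content-Security-Policy` value stops after `script-src 'self';`, so `frame-ancestors`, `base-uri` and `form-action` are not enforced. None of the three falls back to `default-src`, yet the comment list above the header still describes them as restrictions in effect. If they were parked because the full value misbehaved, the likely cause is the quoted host in `form-action`: host sources are written without quotes, and a quoted one is not a valid source, so submissions to submit-form.com would be blocked. I would fold the parked directives back in as `Content-Security-Policy = "default-src 'self'; img-src 'self' data:; object-src 'none'; script-src 'self'; style-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' https://submit-form.com;"`, drop the trailing comment line with its dangling `"`, and make the "frames from the current site" comment agree with `'none'`. The headers table this sits in begins outside the hunk, so whether another header such as X-Frame-Options already covers framing is not visible here.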