From 608b6a8af84f50f7987ffc840c16a814cebeb4ea Mon Sep 17 00:00:00 2001
From: Serghei Iakovlev
Date: Mon, 15 Apr 2024 00:12:21 +0200
Subject: Update Content-Security-Policy for netlify

---
 netlify-preview.js | 18 +++++++++---------
 netlify.toml | 6 +++---
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/netlify-preview.js b/netlify-preview.js
index 5b37433..5400d48 100644
--- a/netlify-preview.js
+++ b/netlify-preview.js
@@ -21,22 +21,22 @@ fs.readFile(path.resolve(__dirname, netlifyConfig), 'utf8', (err, data) => {
 // <- default-src 'self' blob:;
 line = line.replace(/(default-src) ('self')(;)/, '$1 $2 blob:$3');
- // -> style-src 'self' cdn.hypothes.is;
- // <- style-src 'self' 'unsafe-inline' cdn.hypothes.is;
- line = line.replace(/(style-src) ('self') (cdn\.hypothes\.is)(;)/, '$1 $2 $3 \'unsafe-inline\'$4');
+ // -> style-src 'self' cdn.hypothes.is giscus.app;
+ // <- style-src 'self' 'unsafe-inline' cdn.hypothes.is giscus.app;
+ line = line.replace(/(style-src) ('self') (cdn\.hypothes\.is giscus\.app)(;)/, '$1 $2 $3 \'unsafe-inline\'$4');
 // -> media-src 'self';
 // <- media-src 'self' blob: https://app.netlify.com;
 line = line.replace(/(media-src) ('self')(;)/, '$1 $2 blob: https://app.netlify.com$3');
- // -> frame-src hypothes.is;
- // <- frame-src hypothes.is app.netlify.com;
- line = line.replace(/(frame-src) (hypothes\.is)(;)/, '$1 $2 app.netlify.com$3');
+ // -> frame-src hypothes.is giscus.app;
+ // <- frame-src hypothes.is giscus.app app.netlify.com;
+ line = line.replace(/(frame-src) (hypothes\.is giscus\.app)(;)/, '$1 $2 app.netlify.com$3');
- // -> script-src 'self' www.googletagmanager.com hypothes.is cdn.hypothes.is;
- // <- script-src 'self' www.googletagmanager.com hypothes.is cdn.hypothes.is netlify-cdp-loader.netlify.app;
+ // -> script-src 'self' www.googletagmanager.com hypothes.is cdn.hypothes.is giscus.app;
+ // <- script-src 'self' www.googletagmanager.com hypothes.is cdn.hypothes.is giscus.app netlify-cdp-loader.netlify.app;
 line = line.replace(
- /(script-src) ('self' www\.googletagmanager\.com hypothes\.is cdn\.hypothes\.is)(;)/,
+ /(script-src) ('self' www\.googletagmanager\.com hypothes\.is cdn\.hypothes\.is giscus\.app)(;)/,
 '$1 $2 netlify-cdp-loader.netlify.app$3'
 );
diff --git a/netlify.toml b/netlify.toml
index 55134eb..fc355f0 100644
--- a/netlify.toml
+++ b/netlify.toml
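Review bot: The three rewritten regexes (style-src, frame-src and the multi-line script-src one at the end of the hunk) still require the directive's full source list to match netlify.toml character for character, so the next time that list changes the replace() silently returns the line unchanged and the preview deploy runs without 'unsafe-inline', app.netlify.com or netlify-cdp-loader.netlify.app, with no error to point at. Matching only the directive name and everything up to the terminating semicolon removes the coupling, e.g. `line = line.replace(/(script-src) ([^;]*)(;)/, '$1 $2 netlify-cdp-loader.netlify.app$3');`, and likewise for style-src and frame-src; CSP source lists are unordered, so appending 'unsafe-inline' rather than inserting it after 'self' is equivalent. If the exact match is intended as a guard, a rewrite that leaves `line` unchanged should throw rather than pass silently. The enclosing fs.readFile callback starts before and continues after the hunk.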
@@ -88,14 +88,14 @@
 # (including inline scripts and event-handling HTML attributes).
 Content-Security-Policy = """
 default-src 'self';
- script-src 'self' www.googletagmanager.com hypothes.is cdn.hypothes.is;
- style-src 'self' cdn.hypothes.is;
+ script-src 'self' www.googletagmanager.com hypothes.is cdn.hypothes.is giscus.app;
+ style-src 'self' cdn.hypothes.is giscus.app;
 img-src 'self' data: *.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net;
 font-src 'self';
 connect-src 'self' *.google-analytics.com *.analytics.google.com analytics.google.com www.googletagmanager.com stats.g.doubleclick.net;
 media-src 'self';
 object-src 'self';
- frame-src hypothes.is;
+ frame-src hypothes.is giscus.app;
 worker-src 'self';
 frame-ancestors 'none';
 form-action 'self' submit-form.com;
-- cgit v1.2.3
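Review bot: Nothing in this hunk records that netlify-preview.js rewrites the script-src, style-src and frame-src lines by exact regex match, which is why this commit had to change both files in lockstep; someone editing only netlify.toml later would silently lose the preview-only additions without any build error. A short comment above the policy, `# NOTE: netlify-preview.js rewrites script-src/style-src/frame-src by exact match; keep its regexes in sync when editing these lines.`, makes the coupling visible where the edit is made. The header value continues past the end of the hunk (the closing `"""` is not shown).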