From b1080ece9c126a9663df3a081e9c378d05e9319c Mon Sep 17 00:00:00 2001
From: Serghei Iakovlev
Date: Thu, 2 Jun 2022 02:01:08 +0200
Subject: Debug Content-Security-Policy header
---
 netlify.toml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/netlify.toml b/netlify.toml
index 73f8b86..a36a73c 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -68,14 +68,17 @@
 # (including inline scripts and event-handling HTML attributes).
 #
 # Default to only allow content from the current site
- # Allow images from current site and imgur.com
+ # Allow images from current site and data:
 # Don't allow objects such as Flash and Java
 # Only allow scripts from the current site
 # Only allow styles from the current site
 # Only allow frames from the current site
 # Restrict URL's in the tag to current site
 # Allow forms to submit only to the current site and https://submit-form.com
- # Content-Security-Policy = "default-src 'self'; img-src 'self' https://i.imgur.com; object-src 'none'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 'https://submit-form.com';"
+ #
+ # For more see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+ Content-Security-Policy = "default-src 'self'; img-src 'self' data:; object-src 'none'; script-src 'self';"
+ # style-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 'https://submit-form.com';"
 [[headers]]
 for = '/feeds/*.xml'
--
cgit v1.2.3
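Review bot: The enabled `Content-Security-Policy` value ends after `script-src`, so `frame-ancestors`, `base-uri` and `form-action` are not enforced, because those directives do not fall back to `default-src`; the comment lines above still describe frames, base URLs and form targets as restricted. The parked tail on the following comment line also writes the host as `'https://submit-form.com'` in quotes; CSP host sources are unquoted, so that entry would most likely be ignored and the form submission blocked once the tail is restored, and its `frame-ancestors 'none'` no longer matches the comment "Only allow frames from the current site". When the debugging is finished I would fold the tail back in as `Content-Security-Policy = "default-src 'self'; img-src 'self' data:; object-src 'none'; script-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' https://submit-form.com;"` and update that comment to match. If the aim is to watch for violations before enforcing, the `Content-Security-Policy-Report-Only` header is meant for that. The headers table this key belongs to starts above the hunk, so the path it applies to is not visible here.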