~gpanders/gpanders.com

246fd07512d09de04459d14826654579444307b7 — Gregory Anders 4 months ago 8a8e172
Update CSP

* Add object-src 'none'
* Add 'unsafe-inline' to style-src
1 files changed, 2 insertions(+), 2 deletions(-)

M netlify.toml
M netlify.toml => netlify.toml +2 -2
@@ 19,11 19,11 @@
[[headers]]
  for = "/*"
  [headers.values]
    Content-Security-Policy = "default-src 'self'; script-src 'self' 'sha256-8S1XWfApyYBGTRzR9CQ2UBCcYX34oUCUVY/1zndCEd4='"
    Content-Security-Policy = "default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-8S1XWfApyYBGTRzR9CQ2UBCcYX34oUCUVY/1zndCEd4='"
    X-Content-Type-Options = "nosniff"
    X-Frame-Options = "SAMEORIGIN"

[[headers]]
  for = "/blog/introducing-ijq/"
  [headers.values]
    Content-Security-Policy = "default-src 'self'; script-src 'self' 'sha256-8S1XWfApyYBGTRzR9CQ2UBCcYX34oUCUVY/1zndCEd4='; img-src 'self' https://asciinema.org"
    Content-Security-Policy = "default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-8S1XWfApyYBGTRzR9CQ2UBCcYX34oUCUVY/1zndCEd4='; img-src 'self' https://asciinema.org"