fix CSP

2025-10-30 23:06:00 -04:00 · 2021-02-05 10:11:11 -05:00
parent 2c327f05c1
commit 9bb455bd06
1 changed files with 3 additions and 3 deletions
--- a/netlify.toml
+++ b/netlify.toml
@@ -128,16 +128,16 @@
    # https://amp.dev/documentation/guides-and-tutorials/optimize-and-measure/secure-pages/
    Content-Security-Policy = '''
    default-src 'self';
-    connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.algolianet.com https://*.ampproject.net https://csp-collector.appspot.com/csp/amp https://api.github.com https://queue.simpleanalyticscdn.com https://starman.fathomdns.com https://platform.twitter.com;
+    connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.algolianet.com https://*.ampproject.net https://csp-collector.appspot.com/csp/amp https://api.github.com https://starman.fathomdns.com https://platform.twitter.com;
    font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com;
    form-action 'none';
    frame-ancestors 'self';
-    frame-src 'self' https://jakejarvis.github.io https://*.ampproject.net https://cdn.ampproject.org https://buttons.github.io https://codepen.io https://cdpn.io https://platform.twitter.com https://player.vimeo.com https://simpleanalytics.com https://www.youtube-nocookie.com;
+    frame-src 'self' https://jakejarvis.github.io https://*.ampproject.net https://cdn.ampproject.org https://app.usefathom.com https://buttons.github.io https://codepen.io https://cdpn.io https://platform.twitter.com https://player.vimeo.com https://www.youtube-nocookie.com;
    img-src 'self' data: https:;
    manifest-src 'self';
    media-src 'self' data: https:;
    object-src 'none';
-    script-src 'self' 'unsafe-eval' https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/ https://cdn.ampproject.org/rtv/ https://3p.ampproject.net https://buttons.github.io https://scripts.simpleanalyticscdn.com https://starman.fathomdns.com https://gist.github.com https://syndication.twitter.com https://platform.twitter.com https://player.vimeo.com;
+    script-src 'self' 'unsafe-eval' https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/ https://cdn.ampproject.org/rtv/ https://3p.ampproject.net https://buttons.github.io https://starman.fathomdns.com https://gist.github.com https://syndication.twitter.com https://platform.twitter.com https://player.vimeo.com;
    style-src 'self' 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://fonts.googleapis.com https://github.githubassets.com;
    worker-src 'self';
    block-all-mixed-content;