CSP - missed a spot

2025-07-17 16:25:31 -04:00 · 2019-04-19 10:37:53 -04:00
parent f4794b074c
commit e10247729e
1 changed files with 1 additions and 1 deletions
--- a/worker.js
+++ b/worker.js
@@ -1,5 +1,5 @@
 let newHeaders = {
-  "Content-Security-Policy": "default-src 'none'; script-src 'self' 'unsafe-inline' stats.jarv.is comments.jarv.is; style-src 'self' 'unsafe-inline' comments.jarv.is; img-src 'self' data: https:; font-src 'self' comments.jarv.is; object-src 'self'; media-src 'self'; base-uri 'none'; form-action 'self'; frame-src 'self' www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self'; worker-src 'none'; connect-src 'self' jarvis.report-uri.com stats.jarv.is commento.jarv.is; upgrade-insecure-requests; report-uri https://jarvis.report-uri.com/r/d/csp/enforce; report-to default",
+  "Content-Security-Policy": "default-src 'none'; script-src 'self' 'unsafe-inline' stats.jarv.is comments.jarv.is; style-src 'self' 'unsafe-inline' comments.jarv.is; img-src 'self' data: https:; font-src 'self' comments.jarv.is; object-src 'self'; media-src 'self'; base-uri 'none'; form-action 'self'; frame-src 'self' www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self'; worker-src 'none'; connect-src 'self' jarvis.report-uri.com stats.jarv.is comments.jarv.is; upgrade-insecure-requests; report-uri https://jarvis.report-uri.com/r/d/csp/enforce; report-to default",
  "Report-To": "{\"group\":\"default\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://jarvis.report-uri.com/a/d/g\"}]}",
  "NEL": "{\"report_to\":\"default\",\"max_age\":604800}",
 //  "Strict-Transport-Security" : "max-age=1000",