
Commit 3a887b0

Merge pull request #5 from safeai-aus/codex/update-csp-to-include-cusdis-sources
Allow Cusdis scripts via CSP
2 parents 1bcea9c + 9e43a7f commit 3a887b0

1 file changed

Lines changed: 2 additions & 2 deletions


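--- a/docs/_headers
+++ b/docs/_headers
@@ -7,7 +7,7 @@
 Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=()
 
 # Content Security Policy
-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://cloud.umami.is; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://cloud.umami.is; frame-src 'none'; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests
+Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://cloud.umami.is https://cusdis.com https://js.cusdis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://cloud.umami.is https://cusdis.com https://js.cusdis.com; frame-src 'none'; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests
 
 # HSTS (HTTP Strict Transport Security)
 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
@@ -23,7 +23,7 @@
 Cache-Control: public, max-age=86400, must-revalidate
 
 # Less restrictive CSP for assets
-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://cloud.umami.is; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://cloud.umami.is; frame-src 'none'; object-src 'none'; base-uri 'self'; form-action 'self'
+Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://cloud.umami.is https://cusdis.com https://js.cusdis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://cloud.umami.is https://cusdis.com https://js.cusdis.com; frame-src 'none'; object-src 'none'; base-uri 'self'; form-action 'self'
 
 # Cache CSS files for 24 hours (good balance)
 *.css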
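Review bot: Both changed `Content-Security-Policy` lines (new lines 10 and 26) add `https://cusdis.com` and `https://js.cusdis.com` as whole origins to `script-src` and `connect-src`, and nothing in the commit shows that both hosts are needed in both directives. Because `script-src` still carries `'unsafe-inline'`, every extra origin is another party whose code runs with full access to the page, so I would keep only the host the embed is actually observed to request, for example `script-src 'self' 'unsafe-inline' https://cloud.umami.is https://cusdis.com;` if `js.cusdis.com` never shows up in the network log. The second policy sits under the comment `# Less restrictive CSP for assets`, and the path rule it belongs to is outside the hunk; if that rule only matches static files, it probably does not need the comment-widget origins at all. `frame-src 'none'` and `style-src` are unchanged, so if the widget renders in an iframe or pulls its own stylesheet (not visible here) it may still be blocked, which is worth confirming from the browser console's CSP violation messages.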
