ci(caddy): update Content-Security-Policy for Google Fonts and scripts
Updated the Content-Security-Policy header to include Google Fonts and Google Analytics domains: - Added `https://www.gstatic.com` to `script-src`, `script-src-elem`, `img-src`, and `font-src` directives - Removed duplicate `script-src` and `style-src` entries in the policy - Ensured all relevant directives properly include the new domains
This commit is contained in:
Nils-Johan Gynther
+1
-1
@@ -2,7 +2,7 @@
|
|||||||
root * /usr/share/caddy
|
root * /usr/share/caddy
|
||||||
|
|
||||||
header {
|
header {
|
||||||
Content-Security-Policy "default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' https: http: ws: wss:; worker-src 'self' blob:"
|
Content-Security-Policy "default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' https://www.gstatic.com; script-src-elem 'self' 'unsafe-inline' https://www.gstatic.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://www.gstatic.com; font-src 'self' data: https://www.gstatic.com; connect-src 'self' https: http: ws: wss:; worker-src 'self' blob:;" script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' https: http: ws: wss:; worker-src 'self' blob:"
|
||||||
}
|
}
|
||||||
|
|
||||||
@staticAssets {
|
@staticAssets {
|
||||||
|
|||||||
Reference in New Issue
Block a user