From db0d18a8cfe74322a8c2261278119b71f0dbc5d2 Mon Sep 17 00:00:00 2001 From: Tommy Date: Wed, 30 Nov 2022 18:14:31 -0500 Subject: [PATCH] Fix CORP Signed-off-by: Tommy --- static/_headers | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/static/_headers b/static/_headers index 977ce55..04ede3b 100644 --- a/static/_headers +++ b/static/_headers @@ -17,11 +17,11 @@ /posts/knowledge/multi-factor-authentication/ Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none' Cross-Origin-Embedder-Policy : unsafe-none - + /posts/android/android-tips/ Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none' Cross-Origin-Embedder-Policy : unsafe-none - + /posts/android/choosing-your-android-based-operating-system/ Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none' Cross-Origin-Embedder-Policy : unsafe-none @@ -32,10 +32,16 @@ /posts/linux/desktop-linux-hardening/ Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none' - Cross-Origin-Embedder-Policy : unsafe-none - + Cross-Origin-Embedder-Policy : unsafe-none + /*.xml Content-Security-Policy : default-src 'none'; img-src 'self' data: https://www.w3.org/; style-src 'self' 'unsafe-inline'; block-all-mixed-content; base-uri 'none' +/*.png + Cross-Origin-Resource-Policy : cross-origin + +/*.jpg + Cross-Origin-Resource-Policy : cross-origin + /.well-known/openpgpkey/hu/* Access-Control-Allow-Origin: *