From e71be60e17210471ecc8029a12540ca0344ed67f Mon Sep 17 00:00:00 2001 From: Tommy Date: Thu, 21 Jul 2022 19:19:25 -0400 Subject: [PATCH] CSP Fixes (#19) --- netlify.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netlify.toml b/netlify.toml index e2f0893..ed01bc6 100644 --- a/netlify.toml +++ b/netlify.toml @@ -2,7 +2,7 @@ for = "/*" [headers.values] Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload" - Content-Security-Policy = "default-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'" + Content-Security-Policy = "default-src 'none'; connect-src 'self'; img-src 'self'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self'; frame-src www.youtube-nocookie.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'" X-Content-Type-Options = "nosniff" Referrer-Policy = "no-referrer" Cross-Origin-Opener-Policy = "same-origin"