fix: replace 'https' with 'https:' in CSP

https://content-security-policy.com/#source_list
This commit is contained in:
curben 2019-05-22 11:00:00 +09:30
parent 0e686c620b
commit 08fb7897e1
2 changed files with 2 additions and 2 deletions

View File

@ -8,7 +8,7 @@
X-Frame-Options = "DENY" X-Frame-Options = "DENY"
X-XSS-Protection = "1; mode=block" X-XSS-Protection = "1; mode=block"
X-Content-Type-Options = "nosniff" X-Content-Type-Options = "nosniff"
Content-Security-Policy = "default-src https localhost:4000; script-src https://cdnjs.cloudflare.com https://*.netlify.com localhost:4000; style-src https://cdnjs.cloudflare.com https://*.netlify.com localhost:4000; frame-ancestors 'none'; block-all-mixed-content;" Content-Security-Policy = "default-src https: localhost:4000; script-src https://cdnjs.cloudflare.com https://*.netlify.com localhost:4000; style-src https://cdnjs.cloudflare.com https://*.netlify.com localhost:4000; frame-ancestors 'none'; block-all-mixed-content;"
Referrer-Policy = "no-referrer" Referrer-Policy = "no-referrer"
Strict-Transport-Security = "max-age=31536000" Strict-Transport-Security = "max-age=31536000"
Feature-Policy = "accelerometer 'none'; autoplay 'none'; camera 'none'; document.domain 'none'; display-capture 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; sync-xhr 'none'; usb 'none'" Feature-Policy = "accelerometer 'none'; autoplay 'none'; camera 'none'; document.domain 'none'; display-capture 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; sync-xhr 'none'; usb 'none'"

View File

@ -3,7 +3,7 @@
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<%/* CSP */%> <%/* CSP */%>
<meta http-equiv="Content-Security-Policy" content="default-src https localhost:4000; script-src https://cdnjs.cloudflare.com https://*.netlify.com localhost:4000; style-src https://cdnjs.cloudflare.com https://*.netlify.com localhost:4000; form-action 'none'; block-all-mixed-content;"> <meta http-equiv="Content-Security-Policy" content="default-src https: localhost:4000; script-src https://cdnjs.cloudflare.com https://*.netlify.com localhost:4000; style-src https://cdnjs.cloudflare.com https://*.netlify.com localhost:4000; form-action 'none'; block-all-mixed-content;">
<% <%
let title = page.title let title = page.title