mirror of https://gitlab.com/curben/blog
fix(CSP): no longer load directly from cdn
- thanks for netlify reverse proxy
This commit is contained in:
parent
024ac67308
commit
73a6301ab2
|
@ -3,7 +3,7 @@
|
||||||
X-XSS-Protection: 1; mode=block
|
X-XSS-Protection: 1; mode=block
|
||||||
X-Content-Type-Options: nosniff
|
X-Content-Type-Options: nosniff
|
||||||
Content-Language: en
|
Content-Language: en
|
||||||
Content-Security-Policy: default-src 'self'; child-src 'none'; connect-src 'none'; font-src 'none'; frame-src 'none'; img-src https://cdn.statically.io 'self'; manifest-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'none'; script-src https://cdn.statically.io 'self'; style-src https://cdn.statically.io 'self'; worker-src 'none'; base-uri 'none'; form-action https://duckduckgo.com; frame-ancestors 'none'; block-all-mixed-content
|
Content-Security-Policy: default-src 'self'; child-src 'none'; connect-src 'none'; font-src 'none'; frame-src 'none'; img-src 'self'; manifest-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; base-uri 'none'; form-action https://duckduckgo.com; frame-ancestors 'none'; block-all-mixed-content
|
||||||
Referrer-Policy: no-referrer
|
Referrer-Policy: no-referrer
|
||||||
Strict-Transport-Security: max-age=31536000
|
Strict-Transport-Security: max-age=31536000
|
||||||
Feature-Policy: accelerometer 'none'; autoplay 'none'; camera 'none'; document.domain 'none'; display-capture 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; sync-xhr 'none'; usb 'none'
|
Feature-Policy: accelerometer 'none'; autoplay 'none'; camera 'none'; document.domain 'none'; display-capture 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; sync-xhr 'none'; usb 'none'
|
||||||
|
|
Loading…
Reference in New Issue