diff options
| author | Dominic Couture <dcouture@gitlab.com> | 2020-11-16 20:04:11 +0300 |
|---|---|---|
| committer | Achilleas Pipinellis <axil@gitlab.com> | 2020-11-16 20:04:11 +0300 |
| commit | 642610ac517252933efb25034fda5c7308366786 (patch) | |
| tree | 72fd1659964fba2f948c18bb28efe7f7f0c8188b /layouts/csp.html | |
| parent | f4d1e3ba6f3c69ad9a572d986ca8d317e0d30c13 (diff) | |
Make static website CSP more permissive
Diffstat (limited to 'layouts/csp.html')
| -rw-r--r-- | layouts/csp.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/layouts/csp.html b/layouts/csp.html index 2a078f54..a577a005 100644 --- a/layouts/csp.html +++ b/layouts/csp.html @@ -1 +1 @@ -<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.gitlab-static.net/assets/snowplow/ https://cdn.bizible.com/scripts/bizible.js https://cdn.jsdelivr.net/npm/clipboard@2/dist/clipboard.min.js https://cdn.jsdelivr.net/npm/docsearch.js@2/dist/cdn/docsearch.min.js https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/ cdnjs.cloudflare.com/ajax/libs/mermaid/ connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/923339191/ https://munchkin.marketo.net https://script.hotjar.com/ https://snap.licdn.com https://stackpath.bootstrapcdn.com/bootstrap/ https://static.hotjar.com/c/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/jquery@3.5.1/ https://*.algolia.net https://*.algolianet.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.mktoresp.com https://snowplow.trx.gitlab.net https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https://bid.g.doubleclick.net https://consentcdn.cookiebot.com https://vars.hotjar.com; img-src 'self' https: data:; manifest-src 'self'; media-src 'self'; worker-src 'none';"> +<meta http-equiv="Content-Security-Policy" content="default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; object-src 'none'; base-uri 'self'; connect-src 'self' https:; frame-src 'self' https:; img-src 'self' https: data:; manifest-src 'self'; media-src 'self'; worker-src 'none';">
\ No newline at end of file |