jonny/jonnybarnes.uk
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases 5 Packages Wiki Activity Actions

Merge pull request #864 from jonnybarnes/861-css-no-longer-loads-on-prod

Browse source 
fix: Add unsafe-inline to style-src CSP header
This commit is contained in:
Jonny Barnes 2023-05-27 19:26:32 +01:00 committed by GitHub
commit deb23b4a50
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/Http/Middleware/CSPHeader.php
View file

@ -25,7 +25,7 @@ class CSPHeader
->header(
'Content-Security-Policy',
"default-src 'self'; " .
"style-src 'self' cloud.typography.com jonnybarnes.uk; " .
"style-src 'self' 'unsafe-inline' cloud.typography.com jonnybarnes.uk; " .
"img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org; " .
"font-src 'self' data:; " .
"frame-src 'self' https://www.youtube.com blob:; " .