jonny/jonnybarnes.uk
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases 5 Packages Wiki Activity Actions

style: Improve security by updating CSP headers

Browse source 
- Update `CSPHeader.php` to improve security by removing unsafe-inline.
This commit is contained in:
Jonny Barnes 2023-05-29 12:46:17 +01:00
parent 447e72b16e
commit e62f68f514
Signed by: jonny
SSH key fingerprint: SHA256:CTuSlns5U7qlD9jqHvtnVmfYV3Zwl2Z7WnJ4/dqOaL8
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/Http/Middleware/CSPHeader.php
View file

@ -25,7 +25,7 @@ class CSPHeader
->header( ->header(
'Content-Security-Policy', 'Content-Security-Policy',
"default-src 'self'; " . "default-src 'self'; " .
"style-src 'self' 'unsafe-inline' cloud.typography.com jonnybarnes.uk; " . "style-src 'self' cloud.typography.com jonnybarnes.uk; " .
"img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org; " . "img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org; " .
"font-src 'self' data:; " . "font-src 'self' data:; " .
"frame-src 'self' https://www.youtube.com blob:; " . "frame-src 'self' https://www.youtube.com blob:; " .