jonny/jonnybarnes.uk
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases 5 Packages Wiki Activity Actions

fix: Add unsafe-inline to style-src CSP header

Browse source 
- Improve content-security policy for better website security
- Add `'unsafe-inline'` to the `style-src` header in `CSPHeader.php`
This commit is contained in:
Jonny Barnes 2023-05-27 18:19:42 +01:00
parent f5b037265b
commit eb82ff4ca5
Signed by: jonny
SSH key fingerprint: SHA256:CTuSlns5U7qlD9jqHvtnVmfYV3Zwl2Z7WnJ4/dqOaL8
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/Http/Middleware/CSPHeader.php
View file

@ -25,7 +25,7 @@ class CSPHeader
->header(
'Content-Security-Policy',
"default-src 'self'; " .
"style-src 'self' cloud.typography.com jonnybarnes.uk; " .
"style-src 'self' 'unsafe-inline' cloud.typography.com jonnybarnes.uk; " .
"img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org; " .
"font-src 'self' data:; " .
"frame-src 'self' https://www.youtube.com blob:; " .