nginx:grunt: update CSP header to account for scripts/styles on grunt…
…js.com
timmywil committed Sep 5, 2024
1 parent 254c3ed commit b7d508e
Showing 1 changed file with 2 additions and 1 deletion.
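--- a/modules/profile/templates/gruntjscom/site.nginx.erb
+++ b/modules/profile/templates/gruntjscom/site.nginx.erb
@@ -19,7 +19,8 @@ server {
 
 # Add Content Security Policy headers
 add_header Reporting-Endpoints "csp-endpoint=\"https://csp-report-api.openjs-foundation.workers.dev/\""
-add_header Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self' code.jquery.com; connect-src 'self'; img-src 'self'; style-src 'self'; report-to csp-endpoint" always;
+# The SHAs are for inline GA scripts
+add_header Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self' revive.bocoup.com www.google-analytics.com 'sha256-jl/4AZjT8o/P6SGURO7MWYC9FWxqz2COCD/1XBPchLU=' 'sha256-BpeEnlj1KCWLiGFbROjXPqTiovWDb243qYdjW2miRrc='; connect-src 'self'; img-src 'self'; style-src 'self' fonts.googleapis.com; report-to csp-endpoint;" always;
 }
 
 location /.well-known/acme-challenge {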
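Review bot: The new policy on the `Content-Security-Policy-Report-Only` line allows the Google Analytics and Google Fonts loaders but not the follow-up requests they make, so it will likely keep reporting violations. `connect-src 'self'` and `img-src 'self'` do not cover analytics beacons sent to `www.google-analytics.com`, and with no `font-src` directive the font files that `fonts.googleapis.com` stylesheets normally pull from `fonts.gstatic.com` fall back to `default-src 'self'`. Assuming the site uses both, as the allowlist suggests, something like `connect-src 'self' www.google-analytics.com; img-src 'self' www.google-analytics.com; font-src 'self' fonts.gstatic.com;` would be needed before this policy can move from report-only to enforcing. The two `sha256-` values match only byte-identical inline scripts, so the comment above them could name the template that holds those snippets and say the hashes must be regenerated whenever it changes. The `server` block starts outside the hunk.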
