From f4adea11f5638e1b955afd9bb27253e9755e7bcb Mon Sep 17 00:00:00 2001
From: Timmy Willison
Date: Tue, 15 Oct 2024 21:52:38 -0400
Subject: [PATCH] functions: allow loading styles and images from the jQuery CDN

---
 themes/api.jquery.com/functions.php | 2 +-
 themes/api.jquerymobile.com/functions.php | 2 +-
 themes/api.jqueryui.com/functions.php | 2 +-
 themes/jquery/functions.php | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/themes/api.jquery.com/functions.php b/themes/api.jquery.com/functions.php
index e8158237..e95f4365 100644
--- a/themes/api.jquery.com/functions.php
+++ b/themes/api.jquery.com/functions.php
@@ -3,6 +3,6 @@
 // Allow inline scripts and styles in API demos
 add_filter( 'jq_content_security_policy', function ( $policy ) {
 $policy[ 'script-src' ] = "'self' 'unsafe-inline' code.jquery.com";
- $policy[ 'style-src' ] = "'self' 'unsafe-inline'";
+ $policy[ 'style-src' ] = "'self' 'unsafe-inline' code.jquery.com";
 return $policy;
 } );
diff --git a/themes/api.jquerymobile.com/functions.php b/themes/api.jquerymobile.com/functions.php
index eb84578a..11fc37fc 100644
--- a/themes/api.jquerymobile.com/functions.php
+++ b/themes/api.jquerymobile.com/functions.php
@@ -32,6 +32,6 @@ function jq_mobile_api_version_current() {
 // Allow inline scripts and styles in API demos
 add_filter( 'jq_content_security_policy', function ( $policy ) {
 $policy[ 'script-src' ] = "'self' 'unsafe-inline' code.jquery.com";
- $policy[ 'style-src' ] = "'self' 'unsafe-inline'";
+ $policy[ 'style-src' ] = "'self' 'unsafe-inline' code.jquery.com";
 return $policy;
 } );
diff --git a/themes/api.jqueryui.com/functions.php b/themes/api.jqueryui.com/functions.php
index 5165c653..4f2e6c6e 100644
--- a/themes/api.jqueryui.com/functions.php
+++ b/themes/api.jqueryui.com/functions.php
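Review bot: The comment above the filter in themes/api.jquery.com/functions.php still says only "Allow inline scripts and styles in API demos", although the callback now also allowlists a remote stylesheet host and does so by replacing the base `style-src` string rather than extending it. Replacing it drops the `'nonce-$nonce'` source that the base policy in themes/jquery/functions.php sets; that looks deliberate, since browsers ignore `'unsafe-inline'` once a nonce is present, but nothing in the file records it. I would extend the comment to something like `// Replaces the base script-src/style-src: a nonce would disable 'unsafe-inline', which the API demos need; code.jquery.com covers CDN-hosted scripts and styles`. The same applies to the identical hunks in themes/api.jquerymobile.com/functions.php and themes/api.jqueryui.com/functions.php, and because all three overrides spell the host list out again, a later change to the base policy will not reach them.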
@@ -28,6 +28,6 @@ function jq_ui_api_version_current() {
 // Allow inline scripts and styles in API demos
 add_filter( 'jq_content_security_policy', function ( $policy ) {
 $policy[ 'script-src' ] = "'self' 'unsafe-inline' code.jquery.com";
- $policy[ 'style-src' ] = "'self' 'unsafe-inline'";
+ $policy[ 'style-src' ] = "'self' 'unsafe-inline' code.jquery.com";
 return $policy;
 } );
diff --git a/themes/jquery/functions.php b/themes/jquery/functions.php
index cb0ead2f..ae560cde 100755
--- a/themes/jquery/functions.php
+++ b/themes/jquery/functions.php
@@ -265,9 +265,9 @@ function jq_content_security_policy() {
 'default-src' => "'self'",
 'script-src' => "'self' 'nonce-$nonce' code.jquery.com",
 // The nonce is here so inline scripts can be used in the theme
- 'style-src' => "'self' 'nonce-$nonce'",
+ 'style-src' => "'self' 'nonce-$nonce' code.jquery.com",
 // data: SVG images are used in typesense
- 'img-src' => "'self' data:",
+ 'img-src' => "'self' data: code.jquery.com",
 'connect-src' => "'self' typesense.jquery.com",
 'font-src' => "'self'",
 'object-src' => "'none'",
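Review bot: The comments around the two changed entries in `jq_content_security_policy()` no longer describe them: "The nonce is here so inline scripts can be used in the theme" sits above a `style-src` that now also trusts a remote host, and "data: SVG images are used in typesense" explains only half of the new `img-src`. A line such as `// code.jquery.com: stylesheets and images served from the jQuery CDN` above each entry would record why the host is there and make a later audit of the allowlist easier. The host is also written without a scheme, so it should follow the scheme of the page being served; `https://code.jquery.com` would pin it to TLS, though the existing `script-src` entry has the same form, so that may fit better as a follow-up covering all three directives. The policy array and the function body continue outside this hunk.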