From eef4f3fe7a71568f211b98737520b2c78c2bfcab Mon Sep 17 00:00:00 2001 From: Rui Chen Date: Tue, 7 May 2024 23:46:46 -0400 Subject: [PATCH] update csp and cache-control Signed-off-by: Rui Chen --- netlify.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/netlify.toml b/netlify.toml index cb8d277e98..b3342dfa48 100644 --- a/netlify.toml +++ b/netlify.toml @@ -21,9 +21,9 @@ [headers.values] X-Frame-Options = "DENY" X-XSS-Protection = "1; mode=block" - Content-Security-Policy = "default-src 'self'" - Cache-Control = "public, max-age=0, must-revalidate" - Strict-Transport-Security = "max-age=31536000" + Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:" + Cache-Control = "public, max-age=31536000, must-revalidate" + Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload" [[headers]] for = "*.html"