Skip to content

Commit

Permalink
Merge pull request #123 from adatainment/csp
Browse files Browse the repository at this point in the history
Update csp
  • Loading branch information
katomm authored Oct 10, 2024
2 parents 37c49de + 43b82d1 commit 5a0c355
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion netlify.toml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
# Activates the browser's built-in cross-site scripting (XSS) filter and blocks responses if an attack is detected.
X-XSS-Protection = "1; mode=block"
# Ensures that only trusted content is executed and styled. TODO: Consider using nonces or hashes for inline scripts instead of unsafe-inline.
Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-inline' https://cardano.org https://new-cardano-org-staging.netlify.app https://www.googletagmanager.com https://js.hsforms.net https://forms.hsforms.com https://www.google.com https://www.gstatic.com; img-src 'self' https://cardano.org https://new-cardano-org-staging.netlify.app https://forms.hsforms.com https://forms-eu1.hsforms.com data: https://*.ytimg.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://*.hsforms.com; media-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.google-analytics.com"
Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-inline' https://cardano.org https://new-cardano-org-staging.netlify.app https://www.googletagmanager.com https://js.hsforms.net https://forms.hsforms.com https://www.google.com https://www.gstatic.com; img-src 'self' https://cardano.org https://new-cardano-org-staging.netlify.app https://forms.hsforms.com https://forms-eu1.hsforms.com data: https://*.ytimg.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://*.hsforms.com; media-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.google-analytics.com https://cardano-mainnet.blockfrost.io"
# Enforces secure connections via HTTPS, protecting against certain types of man-in-the-middle attacks.
Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
# Controls information provided as the HTTP Referer header when navigating from your site, enhancing privacy and security.
Expand Down

0 comments on commit 5a0c355

Please sign in to comment.