Add style-src: unsafe-inline

main
mat ess 2022-08-13 01:08:48 -04:00
parent af56b65ab9
commit 73377830c9
1 changed files with 2 additions and 1 deletions


@ -33,9 +33,10 @@ http://static-mat-services.fly.dev/ {
# keep referrer data off of HTTP connections
Referrer-Policy strict-origin-when-cross-origin
# content security policy
# style-src: 'unsafe-inline' is currently enabled for syntax highlighting in codefences
Content-Security-Policy "default-src 'none';
img-src 'self';
style-src 'self' https://cdn.jsdelivr.net/;
style-src 'self' https://cdn.jsdelivr.net/ 'unsafe-inline';
font-src 'self' https://cdn.jsdelivr.net/;
frame-ancestors 'none';
base-uri 'none';
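Review bot: The new `style-src 'self' https://cdn.jsdelivr.net/ 'unsafe-inline';` line allows every inline `<style>` element and `style=` attribute on the site, not only the syntax highlighter's output, so markup injected into any page could restyle it. If the highlighter only emits `style=` attributes (not visible from this hunk), keeping the old `style-src` line and adding `style-src-attr 'unsafe-inline';` would leave inline `<style>` elements blocked; browser support for that directive should be checked first. If the highlighter can emit CSS classes instead, a stylesheet served from `'self'` removes the need for the exception. The added comment says "currently", so a line such as `# TODO: drop 'unsafe-inline' once codefence highlighting uses class-based styles` would record when to revert. The policy string continues past the end of the hunk, so the remaining directives were not reviewed.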