sloane
/
fly-apps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CSP for popups

main
mat ess 2022-08-13 08:47:41 -04:00
parent e50a2e82e0
commit 9cfda9bfd8
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
static/Caddyfile
View File

@ -33,7 +33,8 @@ http://static-mat-services.fly.dev/ {
# keep referrer data off of HTTP connections # keep referrer data off of HTTP connections
Referrer-Policy strict-origin-when-cross-origin Referrer-Policy strict-origin-when-cross-origin
# content security policy # content security policy
# style-src: 'unsafe-inline' is currently enabled for syntax highlighting in codefences # style-src 'unsafe-inline': syntax highlighting in codefences
# sandbox allow-popups: enable target="_blank" links to open in new tabs
Content-Security-Policy "default-src 'none'; Content-Security-Policy "default-src 'none';
img-src 'self'; img-src 'self';
style-src 'self' https://cdn.jsdelivr.net/ 'unsafe-inline'; style-src 'self' https://cdn.jsdelivr.net/ 'unsafe-inline';
@ -42,7 +43,7 @@ http://static-mat-services.fly.dev/ {
frame-ancestors 'none'; frame-ancestors 'none';
base-uri 'none'; base-uri 'none';
upgrade-insecure-requests; upgrade-insecure-requests;
sandbox allow-same-origin allow-top-navigation" sandbox allow-same-origin allow-popups"
} }
} }