Remove integrity check for the locally served .js scripts #doc

From https://securityheaders.com/?q=https%3A%2F%2Fox-hugo.scripter.co&followRedirects=on, it's not advisable to enable CORS for non-public CDN. > Access-Control-Allow-Origin This is a very lax CORS policy. Such a policy should only be used on a public CDN.
kaushalmodi · May 1, 2018 · 7982508 · 7982508
1 parent 69bac33
commit 7982508
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 6 deletions.
diff --git a/doc/static/_headers b/doc/static/_headers
@@ -46,11 +46,6 @@
 /*
   X-Content-Type-Options: nosniff
 
-## Enable CORS
-# https://enable-cors.org/server.html
-/*
-  Access-Control-Allow-Origin: *
-
 # Content Security Policy
 ## Hashes for Privacy Badger injected scripts: https://gitlab.com/kaushalmodi/kaushalmodi.gitlab.io/blob/29fc983ac72fa886ac39bff6b46dc7e426cb993b/netlify.toml#L174-199
 /*

diff --git a/doc/themes/hugo-onyx-theme b/doc/themes/hugo-onyx-theme