Update plotly-min.js (#954)

* Update plotly-min.js From v1.48.3 to v1.52.2 and downgrade from full to basic (to avoid plotly/plotly.js#897) * Add "img-src blob:" is for Plotly download feature and comments
letsencrypt · Feb 23, 2020 · 4f99e26 · 4f99e26
1 parent e7e74a1
commit 4f99e26
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/content/en/_headers b/content/en/_headers
@@ -1,5 +1,7 @@
+# https://docs.netlify.com/routing/headers/#syntax-for-the-headers-file
 /*
-    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline' 'self' https://cdnjs.cloudflare.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com; img-src 'self' data: https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/; font-src 'self' https://cdnjs.cloudflare.com;connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com;
+    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline' 'self' https://cdnjs.cloudflare.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com; img-src 'self' data: blob: https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/; font-src 'self' https://cdnjs.cloudflare.com;connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com;
+    # "img-src blob:" is for Plotly download feature
     X-Frame-Options: DENY
     X-XSS-Protection: 1; mode=block
     X-Content-Type-Options: nosniff

diff --git a/static/js/plotly-min.js b/static/js/plotly-min.js