Fix CSP

Fix broken hash and missing CSP directive.
martincostello · Dec 4, 2018 · 8ba5be8 · 8ba5be8
1 parent 305895b
commit 8ba5be8
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/cloudfront.js b/cloudfront.js
@@ -8,7 +8,7 @@ exports.handler = (event, context, callback) => {
   const headers = response.headers;
 
   const values = [
-    { key: "Content-Security-Policy", value: "default-src 'self' data: maxcdn.bootstrapcdn.com;script-src 'self' cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.google-analytics.com;style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com;img-src 'self' data: stats.g.doubleclick.net www.google-analytics.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com stackpath.bootstrapcdn.com use.fontawesome.com;connect-src 'self' www.google-analytics.com;media-src 'none';object-src 'none';child-src 'self';frame-ancestors 'none';form-action 'self';block-all-mixed-content;base-uri 'self';manifest-src 'self';upgrade-insecure-requests;report-uri https://martincostello.report-uri.io/r/default/csp/enforce;" },
+    { key: "Content-Security-Policy", value: "default-src 'self' data: maxcdn.bootstrapcdn.com;script-src 'self' cdnjs.cloudflare.com stackpath.bootstrapcdn.com storage.googleapis.com www.google-analytics.com;style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com;img-src 'self' data: stats.g.doubleclick.net www.google-analytics.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com stackpath.bootstrapcdn.com use.fontawesome.com;connect-src 'self' www.google-analytics.com;media-src 'none';object-src 'none';child-src 'self';frame-ancestors 'none';form-action 'self';block-all-mixed-content;base-uri 'self';manifest-src 'self';upgrade-insecure-requests;report-uri https://martincostello.report-uri.io/r/default/csp/enforce;" },
     { key: "Expect-CT", value: "max-age=1800; report-uri https://martincostello.report-uri.io/r/default/ct/reportOnly" },
     { key: "Feature-Policy", value: "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'" },
     { key: "Referrer-Policy", value: "no-referrer-when-downgrade" },

diff --git a/public/index.html b/public/index.html
@@ -75,7 +75,7 @@
   <script type="text/javascript" src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js" integrity="sha384-uefMccjFJAIv6A+rW+L4AHf99KvxDjWSu1z9VI8SKNVmz4sk7buKt/6v9KI65qnm" crossorigin="anonymous" defer></script>
   <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootswatch/4.1.0/flatly/bootstrap.min.css" integrity="sha384-kCsv8pSAWtRge/+zcLDeqwoWhTQSUX2esQPYOsocgrg1eMj7T2wrTJP348T3mpBU" crossorigin="anonymous">
   <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.10/css/all.css" integrity="sha384-+d0P83n9kaQMCwj8F4RJB66tzIwOKmrdb46+porD/OvrJ+37WqIM7UoBtwHO6Nlg" crossorigin="anonymous">
-  <script type="text/javascript" src="/static/js/analytics.js" integrity="sha256-ikCZ4sdvuxgCpxUuR8MLLMg36STle/9QMxcRf/u4QJ8=" crossorigin="anonymous" defer></script>
+  <script type="text/javascript" src="/static/js/analytics.js" integrity="sha256-IWZiU2vX5waSxVqcdOiJtI1yjY5j2QjBVQe54LtdV3U=" crossorigin="anonymous" defer></script>
 </head>
 <body>
   <noscript>