From 7e8ba949474e6370d890c468f61c77a500d7aa50 Mon Sep 17 00:00:00 2001 From: James Harris Date: Sun, 24 Dec 2017 21:29:00 +0000 Subject: [PATCH] chore: fix kitsu.io exclusion in CSP --- static/_headers | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/static/_headers b/static/_headers index a21572ff7..6c2457365 100644 --- a/static/_headers +++ b/static/_headers @@ -1,7 +1,7 @@ /* - Content-Security-Policy: default-src 'self' data: https://*.kitsu.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src https:; media-src https:; frame-src 'none'; font-src https: - X-Content-Security-Policy: default-src 'self' data: https://*.kitsu.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src https:; media-src https:; frame-src 'none'; font-src https: - X-WebKit-CSP: default-src 'self' data: https://*.kitsu.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src https:; media-src https:; frame-src 'none'; font-src https: + Content-Security-Policy: default-src 'self' data: https://kitsu.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src https:; media-src https:; frame-src 'none'; font-src https: + X-Content-Security-Policy: default-src 'self' data: https://kitsu.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src https:; media-src https:; frame-src 'none'; font-src https: + X-WebKit-CSP: default-src 'self' data: https://kitsu.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src https:; media-src https:; frame-src 'none'; font-src https: X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff