CORS and security updates #2
2 changed files with 6 additions and 1 deletions
|
@ -197,7 +197,7 @@ copyright = "© $CURRENT_YEAR $AUTHOR $SEPARATOR Unless otherwise noted, the con
|
|||
allowed_domains = [
|
||||
{ directive = "font-src", domains = ["'self'", "data:"] },
|
||||
{ directive = "img-src", domains = ["'self'", "https://*", "data:"] },
|
||||
{ directive = "script-src", domains = ["'self'", "https://comments.softinio.com/js/embed.min.js"] },
|
||||
{ directive = "script-src", domains = ["'self'", "https://comments.softinio.com/js/embed.min.js", "https://static.cloudflareinsights.com/beacon.min.js"] },
|
||||
{ directive = "style-src", domains = ["'self'"] },
|
||||
{ directive = "frame-src", domains = ["player.vimeo.com", "https://www.youtube-nocookie.com", "https://watch.softinio.com", "https://notes.softinio.com/embed"] },
|
||||
]
|
||||
|
|
5
static/_headers
Normal file
5
static/_headers
Normal file
|
@ -0,0 +1,5 @@
|
|||
https://comments.softinio.com
|
||||
Access-Control-Allow-Origin: https://comments.softinio.com
|
||||
https://www.softinio.com
|
||||
Access-Control-Allow-Origin: https://www.softinio.com
|
||||
|
Loading…
Reference in a new issue