CORS and security updates #2
2 changed files with 6 additions and 1 deletions
|
@ -197,7 +197,7 @@ copyright = "© $CURRENT_YEAR $AUTHOR $SEPARATOR Unless otherwise noted, the con
|
||||||
allowed_domains = [
|
allowed_domains = [
|
||||||
{ directive = "font-src", domains = ["'self'", "data:"] },
|
{ directive = "font-src", domains = ["'self'", "data:"] },
|
||||||
{ directive = "img-src", domains = ["'self'", "https://*", "data:"] },
|
{ directive = "img-src", domains = ["'self'", "https://*", "data:"] },
|
||||||
{ directive = "script-src", domains = ["'self'", "https://comments.softinio.com/js/embed.min.js"] },
|
{ directive = "script-src", domains = ["'self'", "https://comments.softinio.com/js/embed.min.js", "https://static.cloudflareinsights.com/beacon.min.js"] },
|
||||||
{ directive = "style-src", domains = ["'self'"] },
|
{ directive = "style-src", domains = ["'self'"] },
|
||||||
{ directive = "frame-src", domains = ["player.vimeo.com", "https://www.youtube-nocookie.com", "https://watch.softinio.com", "https://notes.softinio.com/embed"] },
|
{ directive = "frame-src", domains = ["player.vimeo.com", "https://www.youtube-nocookie.com", "https://watch.softinio.com", "https://notes.softinio.com/embed"] },
|
||||||
]
|
]
|
||||||
|
|
5
static/_headers
Normal file
5
static/_headers
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
https://comments.softinio.com
|
||||||
|
Access-Control-Allow-Origin: https://comments.softinio.com
|
||||||
|
https://www.softinio.com
|
||||||
|
Access-Control-Allow-Origin: https://www.softinio.com
|
||||||
|
|
Loading…
Reference in a new issue