From f24eb27bef4ecbb9b7d1702d9a10fcdba913300c Mon Sep 17 00:00:00 2001 From: Salar Rahmanian Date: Sat, 17 Feb 2024 09:37:00 -0800 Subject: [PATCH] cors and security fixes --- config.toml | 2 +- static/_headers | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 static/_headers diff --git a/config.toml b/config.toml index 401f6f3..ad22981 100644 --- a/config.toml +++ b/config.toml @@ -197,7 +197,7 @@ copyright = "© $CURRENT_YEAR $AUTHOR $SEPARATOR Unless otherwise noted, the con allowed_domains = [ { directive = "font-src", domains = ["'self'", "data:"] }, { directive = "img-src", domains = ["'self'", "https://*", "data:"] }, - { directive = "script-src", domains = ["'self'", "https://comments.softinio.com/js/embed.min.js"] }, + { directive = "script-src", domains = ["'self'", "https://comments.softinio.com/js/embed.min.js", "https://static.cloudflareinsights.com/beacon.min.js"] }, { directive = "style-src", domains = ["'self'"] }, { directive = "frame-src", domains = ["player.vimeo.com", "https://www.youtube-nocookie.com", "https://watch.softinio.com", "https://notes.softinio.com/embed"] }, ] diff --git a/static/_headers b/static/_headers new file mode 100644 index 0000000..063c000 --- /dev/null +++ b/static/_headers @@ -0,0 +1,5 @@ +https://comments.softinio.com + Access-Control-Allow-Origin: https://comments.softinio.com +https://www.softinio.com + Access-Control-Allow-Origin: https://www.softinio.com +