summaryrefslogtreecommitdiffstats
path: root/config/_default/server.toml
diff options
context:
space:
mode:
authoranoduck <9925396+anoduck@users.noreply.github.com>2025-02-15 02:33:34 -0500
committeranoduck <9925396+anoduck@users.noreply.github.com>2025-02-15 02:33:34 -0500
commitd43ab2e37e681e222da93226bcd5211e29e84438 (patch)
tree9b46730f754a9a0fa46fb9d6582609068d714c57 /config/_default/server.toml
parentf079abb5cbc39bf5356bc7349f47b9b5c3627a48 (diff)
feat: 🎸 Module additions
Added created modules to the site along with more content.
Diffstat (limited to 'config/_default/server.toml')
-rw-r--r--config/_default/server.toml18
1 files changed, 9 insertions, 9 deletions
diff --git a/config/_default/server.toml b/config/_default/server.toml
index c80d88d..e072c6c 100644
--- a/config/_default/server.toml
+++ b/config/_default/server.toml
@@ -6,20 +6,20 @@ for = '/**'
X-XSS-Protection = "1; mode=block"
Content-Security-Policy = """\
default-src 'self'; \
- script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com; \
- style-src 'self' https://fonts.googleapis.com https://www.youtube.com; \
+ child-src 'self' app.netlify.com; \
+ script-src 'unsafe-eval' 'unsafe-inline' 'self' *.netlify.app app.netlify.com netlify-cdp-loader.netlify.app https://*.google-analytics.com https://*.x.com https://*.twitter.com https://*.youtube.com https://*.flickr.com https://*.googletagmanager.com; \
+ style-src 'unsafe-inline' 'self' *.netlify.app app.netlify.com netlify-cdp-loader.netlify.app https://*.knightlab.com https://fonts.googleapis.com https://www.youtube.com; \
object-src 'none'; \
base-uri 'self'; \
- connect-src 'self'
- https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; \
- font-src 'self' https://fonts.gstatic.com; \
- frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; \
- img-src 'self' data: https://i.vimeocdn.com https://i.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com https://tile.openstreetmap.org; \
+ connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.knightlab.com; \
+ font-src 'self' https://*.netlify.app https://fonts.gstatic.com; \
+ frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://*.netlify.com https://*.google.com; \
+ img-src 'self' data: https: https://*.netlify.app https://i.vimeocdn.com https://i.ytimg.com https://*.cloudinary.com https://*.google-analytics.com https://*.googletagmanager.com https://tile.openstreetmap.org; \
manifest-src 'self'; \
- media-src 'self' \
+ media-src 'self' https://*.netlify.app https://*.cloudinary.com https://*.youtube.com; \
"""
X-Frame-Options = "SAMEORIGIN"
- Referrer-Policy = "strict-origin"
+ Referrer-Policy = "strict-origin-when-cross-origin"
Permissions-Policy = """\
geolocation=(), \
midi=(), \
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-11 14:42:39 +0000