authorAnoduck, The Anonymous Duck <9925396+anoduck@users.noreply.github.com>2025-02-16 09:16:39 +0000
committerGitHub <noreply@github.com>2025-02-16 09:16:39 +0000
commitb5290138e1f73a7a56578f9975ba3b50829ca8d4 (patch)
treeb4d2d0d4a5b10754f0d075248f97f63f74bbb9aa /config/_default/server.toml
parent5354e537b7e02b96cf0b842adfc5faaae5d1a862 (diff)
parent5086a041c02412f1a5f811325d4798c49acd328b (diff)
Merge pull request #77 from anoduck/develop
Regardless of failed style linting pulling this shit.
Diffstat (limited to 'config/_default/server.toml')
-rw-r--r--config/_default/server.toml18
1 files changed, 9 insertions, 9 deletions
diff --git a/config/_default/server.toml b/config/_default/server.toml
index c80d88d..e072c6c 100644
--- a/config/_default/server.toml
+++ b/config/_default/server.toml
@@ -6,20 +6,20 @@ for = '/**'
X-XSS-Protection = "1; mode=block"
Content-Security-Policy = """\
default-src 'self'; \
- script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com; \
- style-src 'self' https://fonts.googleapis.com https://www.youtube.com; \
+ child-src 'self' app.netlify.com; \
+ script-src 'unsafe-eval' 'unsafe-inline' 'self' *.netlify.app app.netlify.com netlify-cdp-loader.netlify.app https://*.google-analytics.com https://*.x.com https://*.twitter.com https://*.youtube.com https://*.flickr.com https://*.googletagmanager.com; \
+ style-src 'unsafe-inline' 'self' *.netlify.app app.netlify.com netlify-cdp-loader.netlify.app https://*.knightlab.com https://fonts.googleapis.com https://www.youtube.com; \
object-src 'none'; \
base-uri 'self'; \
- connect-src 'self'
- https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; \
- font-src 'self' https://fonts.gstatic.com; \
- frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; \
- img-src 'self' data: https://i.vimeocdn.com https://i.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com https://tile.openstreetmap.org; \
+ connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.knightlab.com; \
+ font-src 'self' https://*.netlify.app https://fonts.gstatic.com; \
+ frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://*.netlify.com https://*.google.com; \
+ img-src 'self' data: https: https://*.netlify.app https://i.vimeocdn.com https://i.ytimg.com https://*.cloudinary.com https://*.google-analytics.com https://*.googletagmanager.com https://tile.openstreetmap.org; \
manifest-src 'self'; \
- media-src 'self' \
+ media-src 'self' https://*.netlify.app https://*.cloudinary.com https://*.youtube.com; \
"""
X-Frame-Options = "SAMEORIGIN"
- Referrer-Policy = "strict-origin"
+ Referrer-Policy = "strict-origin-when-cross-origin"
Permissions-Policy = """\
geolocation=(), \
midi=(), \
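Review bot: The added `script-src` line combines `'unsafe-inline'` and `'unsafe-eval'` with the wildcard `*.netlify.app`, which gives up most of the script-injection protection the previous policy provided: inline script and string evaluation are permitted again, and any site hosted under netlify.app becomes an allowed script origin. I would drop both keywords and the wildcard, cover the inline snippets that genuinely need to run with hashes or a nonce, and keep only the named hosts, e.g. `script-src 'self' app.netlify.com netlify-cdp-loader.netlify.app https://*.google-analytics.com https://*.googletagmanager.com; \` plus whichever embed hosts are actually loaded as script. The same applies to `'unsafe-inline'` and `*.netlify.app` on the `style-src` line. On the `img-src` line the bare `https:` source already allows every HTTPS origin, so the hosts listed after it no longer restrict anything; either remove `https:` or accept that the list is documentation only. If the Netlify entries are only needed for deploy previews (this is inferred from the host names), a short comment above the policy saying so would help the next reviewer decide whether they belong in the default configuration.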