summaryrefslogtreecommitdiffstats
path: root/config/_default/server.toml
diff options
context:
space:
mode:
Diffstat (limited to 'config/_default/server.toml')
-rw-r--r--config/_default/server.toml17
1 files changed, 12 insertions, 5 deletions
diff --git a/config/_default/server.toml b/config/_default/server.toml
index e072c6c..eea66d3 100644
--- a/config/_default/server.toml
+++ b/config/_default/server.toml
@@ -7,14 +7,21 @@ for = '/**'
Content-Security-Policy = """\
default-src 'self'; \
child-src 'self' app.netlify.com; \
- script-src 'unsafe-eval' 'unsafe-inline' 'self' *.netlify.app app.netlify.com netlify-cdp-loader.netlify.app https://*.google-analytics.com https://*.x.com https://*.twitter.com https://*.youtube.com https://*.flickr.com https://*.googletagmanager.com; \
- style-src 'unsafe-inline' 'self' *.netlify.app app.netlify.com netlify-cdp-loader.netlify.app https://*.knightlab.com https://fonts.googleapis.com https://www.youtube.com; \
+ script-src 'unsafe-eval' 'unsafe-inline' 'self' *.hsforms.net *.hs-scripts.com *.google.com *.gstatic.com \
+ *.netlify.app app.netlify.com netlify-cdp-loader.netlify.app https://*.google-analytics.com https://*.x.com \
+ https://*.twitter.com https://*.youtube.com https://*.flickr.com https://*.googletagmanager.com; \
+ style-src 'unsafe-inline' 'self' *.netlify.app app.netlify.com netlify-cdp-loader.netlify.app \
+ https://*.knightlab.com https://fonts.googleapis.com https://www.youtube.com; \
object-src 'none'; \
base-uri 'self'; \
- connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.knightlab.com; \
+ connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com \
+ https://*.googletagmanager.com https://*.knightlab.com *.hsforms.com *.hubspot.com; \
font-src 'self' https://*.netlify.app https://fonts.gstatic.com; \
- frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://*.netlify.com https://*.google.com; \
- img-src 'self' data: https: https://*.netlify.app https://i.vimeocdn.com https://i.ytimg.com https://*.cloudinary.com https://*.google-analytics.com https://*.googletagmanager.com https://tile.openstreetmap.org; \
+ frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://*.netlify.com \
+ https://*.google.com *.google.com; \
+ img-src 'self' data: https: https://*.netlify.app https://i.vimeocdn.com https://i.ytimg.com \
+ https://*.cloudinary.com https://*.google-analytics.com https://*.googletagmanager.com \
+ https://tile.openstreetmap.org *.hsforms.net *.hsforms.com; \
manifest-src 'self'; \
media-src 'self' https://*.netlify.app https://*.cloudinary.com https://*.youtube.com; \
"""
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-11 12:50:05 +0000