From 0ac33be1e0a6d797f64bdfae4c19992385992252 Mon Sep 17 00:00:00 2001
From: pgilad
Date: Sat, 18 Nov 2023 20:40:32 +0200
Subject: [PATCH] Reduce CSP
---
 gatsby-config.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gatsby-config.ts b/gatsby-config.ts
index e3e67d1..537e858 100644
--- a/gatsby-config.ts
+++ b/gatsby-config.ts
@@ -253,7 +253,7 @@ const configuration: GatsbyConfig = {
 mergeSecurityHeaders: false,
 headers: {
 "/*": [
- "Content-Security-Policy: connect-src 'self' https://github.githubassets.com; default-src 'self'; font-src 'self' data: https://github.githubassets.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self'; img-src 'self' data: https://github.githubassets.com https://fonts.gstatic.com https://fonts.googleapis.com; media-src 'self'; object-src 'none'; script-src 'self' https://github.githubassets.com 'unsafe-inline'; style-src 'self' data: https://github.githubassets.com https://fonts.gstatic.com https://fonts.googleapis.com 'unsafe-inline'; worker-src 'self'; report-uri https://giladpeleg.report-uri.com/r/d/csp/enforce; report-to default;",
+ "Content-Security-Policy: base-uri 'self'; connect-src 'self' https://github.githubassets.com; default-src 'self'; font-src 'self' data: https://github.githubassets.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self'; img-src 'self' data: https://github.githubassets.com https://fonts.gstatic.com https://fonts.googleapis.com; media-src 'self'; object-src 'none'; script-src 'self' https://github.githubassets.com 'unsafe-inline'; style-src 'self' data: https://github.githubassets.com https://fonts.gstatic.com https://fonts.googleapis.com 'unsafe-inline'; worker-src 'self'; report-uri https://giladpeleg.report-uri.com/r/d/csp/enforce; report-to default;",
 "Permissions-Policy: fullscreen=(self)",
 "Referrer-Policy: no-referrer-when-downgrade",
 `Report-To: '{"group":"default","max_age":31536000,"endpoints":[{"url":"https://giladpeleg.report-uri.com/a/d/g"}],"include_subdomains":true}'`,
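Review bot: The new `Content-Security-Policy` string adds `base-uri 'self'` but still sets neither `form-action` nor `frame-ancestors`, and like `base-uri` these two directives do not fall back to `default-src`, so form targets and embedding of the site by other origins stay unrestricted. I would append `form-action 'self'; frame-ancestors 'self';` to the same string (or `frame-ancestors 'none'` if the site is never meant to be framed). Separately, `script-src` keeps `'unsafe-inline'`, so the policy still permits injected inline script; replacing it with nonces or hashes is probably a follow-up rather than part of this change, since the build may depend on inline scripts. The `headers` object and the `configuration` literal start and end outside the hunk.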