Fix Content Security Policy

oktadev · Oct 26, 2023 · 5cb676e · 5cb676e
1 parent 50df66d
commit 5cb676e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/_source/_headers b/_source/_headers
@@ -1,5 +1,5 @@
 /*
-  Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://app.netlify.com https://devforum.okta.com https://aws1.discourse-cdn.com https://sea1.discourse-cdn.com https://www.youtube.com https://platform.twitter.com *.doubleclick.net https://player.vimeo.com https://speakerdeck.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.okta.com https://cdn.jsdelivr.net https://*.netlify.app https://cdnjs.cloudflare.com https://devforum.okta.com https://aws1.discourse-cdn.com https://sea1.discourse-cdn.com https://dev.visualwebsiteoptimizer.com https://www.gstatic.com https://platform.twitter.com https://www.googletagmanager.com https://cdn.cookielaw.org https://www.google-analytics.com https://geolocation.onetrust.com https://www.google.com https://snap.licdn.com https://static.ads-twitter.com https://www.redditstatic.com https://js.clearbit.com https://munchkin.marketo.net https://bat.bing.com https://j.6sc.co https://googleads.g.doubleclick.net https://analytics.twitter.com https://www.googleadservices.com https://s.adroll.com https://speakerdeck.com; style-src 'self' 'unsafe-inline' https://static.cloud.coveo.com https://*.typekit.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com; img-src 'self' data: https://*.cloudfront.net https://dev.visualwebsiteoptimizer.com https://assets.amuniversal.com https://i.ytimg.com https://jadserve.postrelease.com https://alb.reddit.com https://bat.bing.com https://b.6sc.co https://*.linkedin.com https://t.co https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com *.doubleclick.net https://p.adsymptotic.com https://dev-to-uploads.s3.amazonaws.com https://media.giphy.com https://imgs.xkcd.com; font-src 'self' data: https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'none'; connect-src 'self' https://developer.okta.com https://cdn.cookielaw.org https://secure.adnxs.com https://epsilon.6sense.com https://x.clearbit.com https://stats.g.doubleclick.net https://855-qah-699.mktoresp.com https://geolocation.onetrust.com https://analytics.google.com https://ipv6.6sc.co https://cdn.linkedin.oribi.io https://www.google-analytics.com https://pagead2.googlesyndication.com
+  Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://app.netlify.com https://devforum.okta.com https://aws1.discourse-cdn.com https://sea1.discourse-cdn.com https://www.youtube.com https://platform.twitter.com *.doubleclick.net https://player.vimeo.com https://speakerdeck.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.okta.com https://cdn.jsdelivr.net https://*.netlify.app https://cdnjs.cloudflare.com https://devforum.okta.com https://aws1.discourse-cdn.com https://sea1.discourse-cdn.com https://dev.visualwebsiteoptimizer.com https://www.gstatic.com https://platform.twitter.com https://www.googletagmanager.com https://cdn.cookielaw.org https://www.google-analytics.com https://geolocation.onetrust.com https://www.google.com https://snap.licdn.com https://static.ads-twitter.com https://www.redditstatic.com https://js.clearbit.com https://munchkin.marketo.net https://bat.bing.com https://j.6sc.co https://googleads.g.doubleclick.net https://analytics.twitter.com https://www.googleadservices.com https://s.adroll.com https://speakerdeck.com https://d.adroll.com; style-src 'self' 'unsafe-inline' https://static.cloud.coveo.com https://*.typekit.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com; img-src 'self' data: https://*.cloudfront.net https://dev.visualwebsiteoptimizer.com https://assets.amuniversal.com https://i.ytimg.com https://jadserve.postrelease.com https://alb.reddit.com https://bat.bing.com https://b.6sc.co https://*.linkedin.com https://t.co https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com *.doubleclick.net https://p.adsymptotic.com https://dev-to-uploads.s3.amazonaws.com https://media.giphy.com https://imgs.xkcd.com https://cdn.cookielaw.org https://analytics.twitter.com; font-src 'self' data: https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'none'; connect-src 'self' https://developer.okta.com https://cdn.cookielaw.org https://secure.adnxs.com https://epsilon.6sense.com https://x.clearbit.com https://stats.g.doubleclick.net https://855-qah-699.mktoresp.com https://geolocation.onetrust.com https://analytics.google.com https://ipv6.6sc.co https://cdn.linkedin.oribi.io https://www.google-analytics.com https://pagead2.googlesyndication.com
   Upgrade-Insecure-Requests: 1
   Referrer-Policy: no-referrer-when-downgrade, origin-when-cross-origin
   X-Content-Type-Options: nosniff