fix: expand CSP (#457)
* chore: expand CSP policy to allow https://ecosystem-database.safe.global/

* chore: expand CSP policy to allow connecting to Google Analytics

* chore: increase package version
DiogoSoaress authored Sep 12, 2024
1 parent 00c83ef commit e325405
Showing 2 changed files with 3 additions and 3 deletions.
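--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "safe-homepage",
 "homepage": "https://github.com/safe-global/safe-homepage",
-"version": "1.4.44",
+"version": "1.4.45",
 "scripts": {
 "build": "next build && next export",
 "lint": "next lint",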
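--- a/src/config/securityHeaders.ts
+++ b/src/config/securityHeaders.ts
@@ -9,15 +9,15 @@ import { IS_PRODUCTION } from '@/config/constants'
 */
 export const ContentSecurityPolicy = `
 default-src 'self';
-connect-src 'self' https://api.ashbyhq.com/posting-api/job-board/safe.global/ https://ecosystem-database.staging.5afe.dev/data.json https://hub.snapshot.org/graphql https://cdn.contentful.com/spaces/1i5gc724wjeu/ https://metrics.hotjar.io/ https://content.hotjar.io/ wss://ws.hotjar.com;
+connect-src 'self' https://*.google-analytics.com https://api.ashbyhq.com/posting-api/job-board/safe.global/ https://ecosystem-database.safe.global/data.json https://ecosystem-database.staging.5afe.dev/data.json https://hub.snapshot.org/graphql https://cdn.contentful.com/spaces/1i5gc724wjeu/ https://metrics.hotjar.io/ https://content.hotjar.io/ wss://ws.hotjar.com;
 script-src 'self' ${
 IS_PRODUCTION ? '' : "'unsafe-eval'"
 } 'unsafe-inline' https://script.hotjar.com https://static.hotjar.com https://www.googletagmanager.com;
 style-src 'self' 'unsafe-inline';
 font-src 'self';
 object-src 'none';
 base-uri 'none';
-img-src 'self' http://images.ctfassets.net/ https://ecosystem-database.staging.5afe.dev/logos/ https://safe-claiming-app-data.safe.global/guardians/images/ data:;
+img-src 'self' http://images.ctfassets.net/ https://ecosystem-database.safe.global/logos/ https://ecosystem-database.staging.5afe.dev/logos/ https://safe-claiming-app-data.safe.global/guardians/images/ data:;
 frame-src https://safe.mirror.xyz/ https://www.youtube-nocookie.com/ https://cdn.jwplayer.com/;
 `
 .replace(/\s{2,}/g, ' ')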
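Review bot: The production policy still allow-lists the staging origin `https://ecosystem-database.staging.5afe.dev` in both `connect-src` and `img-src`, next to the newly added `https://ecosystem-database.safe.global` entries. If production builds now read from the production host, the staging entries could be gated the same way `'unsafe-eval'` already is, e.g. `${IS_PRODUCTION ? '' : 'https://ecosystem-database.staging.5afe.dev/data.json'}`, so that a less-controlled environment is not a trusted data and image source for the live site. Separately, `https://*.google-analytics.com` in `connect-src` is a broad outbound allowance on a page whose `script-src` keeps `'unsafe-inline'`; a short comment recording why the wildcard is needed, or narrowing it to the hosts actually used, would help later reviews. The template literal and its `.replace` chain continue past the end of this hunk.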
