Skip to content

Commit

Permalink
Merge pull request #1189 from tubone24/csp
Browse files Browse the repository at this point in the history 
csp
  • Loading branch information
@tubone24
tubone24 authored Dec 31, 2022
2 parents d622092 + fd747eb commit 6a90960
Show file tree
Hide file tree
Showing 4 changed files with 8 additions and 4 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/deploy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -231,6 +231,8 @@ jobs:
node-version: 16.x
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: delete headers file
run: rm -f static/_headers
- name: yarn build
env:
GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}}
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/previewDeploy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -527,6 +527,8 @@ jobs:
node-version: 16.x
- name: install dependencies
run: yarn install --frozen-lockfile
- name: delete headers file
run: rm -f static/_headers
- name: yarn build
env:
GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}}
Expand Down
5 changes: 1 addition & 4 deletions src/html.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,10 +32,7 @@ const HTML = ({
<body {...bodyAttributes}>
{preBodyComponents}
<script src="/adstir.js" />
<script
src="https://js.ad-stir.com/js/adstir.js"
nonce="ZsQmvvc24RF0Q3OGhq"
/>
<script src="https://js.ad-stir.com/js/adstir.js" />
<div
key="body"
id="___gatsby"
Expand Down
3 changes: 3 additions & 0 deletions static/_headers
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
/*
Content-Security-Policy: default-src 'self'; img-src *; media-src *; font-src *; script-src 'self' *.google-analytics.com https://*.twitter.com https://*.instagram.com https://embedr.flickr.com https://embed.redditmedia.com https://*.ad-stir.com https://blog-storybook.netlify.app https://www.youtube.com; frame-ancestors 'self' https://*.google-analytics.com https://*.twitter.com https://www.instagram.com https://embedr.flickr.com https://embed.redditmedia.com https://*.ad-stir.com https://blog-storybook.netlify.app https://www.youtube.com; object-src 'self' https://*.google-analytics.com https://*.twitter.com https://www.instagram.com https://embedr.flickr.com https://embed.redditmedia.com https://*.ad-stir.com https://blog-storybook.netlify.app https://www.youtube.com;
X-Content-Type-Options: nosniff;

0 comments on commit 6a90960

Please sign in to comment.