Modify CSP HTTP header to allow inline styles
This is required by custom components (e.g. the "Tags" partial that renders tags with various font sizes and weights) as well as Bootstrap itself:

twbs/bootstrap#25394
jeremy-jameson committed Nov 16, 2021
1 parent b2b6c79 commit 11b7034
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion config/_default/config.toml
Expand Up @@ -43,5 +43,5 @@ enableGitInfo = true
[[server.headers]]
for = '/**'
[server.headers.values]
Content-Security-Policy = "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' https://cdnjs.cloudflare.com;"
Content-Security-Policy = "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;"
X-Frame-Options = 'DENY'
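Review bot: `'unsafe-inline'` in the new `style-src` permits every `<style>` element and every `style` attribute on all pages matched by `for = '/**'`, which is broader than the need the commit message states (the "Tags" partial and Bootstrap). If the inline styles in question are only `style="..."` attributes, consider leaving `style-src 'self' https://cdnjs.cloudflare.com` as it was and adding `style-src-attr 'unsafe-inline'`, so injected `<style>` blocks stay blocked; browsers without `style-src-attr` support fall back to `style-src`, so check the browsers you target. Moving the tag font sizes and weights into CSS classes would avoid the relaxation entirely. A TOML comment above this header naming the Tags partial and twbs/bootstrap#25394 would record why the value is there.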
2 changes: 1 addition & 1 deletion static/staticwebapp.config.json
@@ -1,6 +1,6 @@
{
"globalHeaders": {
"Content-Security-Policy": "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' https://cdnjs.cloudflare.com;",
"Content-Security-Policy": "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;",
"X-Frame-Options": "DENY"
}
}
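Review bot: the `Content-Security-Policy` string under `globalHeaders` is a hand-maintained copy of the one in config/_default/config.toml, and this commit had to make the identical edit in both places, so the two can drift apart unnoticed. Consider generating one file's value from the other, or adding a build check that fails when the two strings differ. Because JSON cannot carry a comment, the reason for `'unsafe-inline'` in `style-src` should be documented beside the TOML copy or in the repository docs.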
