diff --git a/config/_default/config.toml b/config/_default/config.toml index 78a5e5b0..c135aa2a 100644 --- a/config/_default/config.toml +++ b/config/_default/config.toml @@ -43,5 +43,5 @@ enableGitInfo = true [[server.headers]] for = '/**' [server.headers.values] - Content-Security-Policy = "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' https://cdnjs.cloudflare.com;" + Content-Security-Policy = "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;" X-Frame-Options = 'DENY' \ No newline at end of file diff --git a/static/staticwebapp.config.json b/static/staticwebapp.config.json index 864f5f93..5e31393f 100644 --- a/static/staticwebapp.config.json +++ b/static/staticwebapp.config.json @@ -1,6 +1,6 @@ { "globalHeaders": { - "Content-Security-Policy": "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' https://cdnjs.cloudflare.com;", + "Content-Security-Policy": "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;", "X-Frame-Options": "DENY" } }