csp fix

add2cal · Sep 29, 2023 · 2137575 · 2137575
1 parent ee9b2fa
commit 2137575
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 13 deletions.
diff --git a/demo/nuxt.config.ts b/demo/nuxt.config.ts
@@ -43,19 +43,8 @@ export default defineNuxtConfig({
       crossOriginResourcePolicy: 'cross-origin',
       crossOriginOpenerPolicy: 'same-origin',
       crossOriginEmbedderPolicy: 'unsafe-none',
+      contentSecurityPolicy: false,
       // the following needs to match the settings in ./public/staticwebapp.config.json
-      contentSecurityPolicy: {
-        'base-uri': ["'self'"],
-        'font-src': ["'self' data:"],
-        'form-action': ["'self'"],
-        'frame-ancestors': ["'self'"],
-        'img-src': ["'self' https://add-to-calendar-button.com data:"],
-        'object-src': ["'none'"],
-        'script-src-attr': ["'self'"],
-        'script-src': ["'self' 'unsafe-inline' https://*.add-to-calendar-button.com"],
-        'style-src': ["'self' 'unsafe-inline' https://add-to-calendar-button.com"],
-        'upgrade-insecure-requests': true,
-      },
       referrerPolicy: 'strict-origin-when-cross-origin',
       strictTransportSecurity: {
         maxAge: 31536000,

diff --git a/demo/public/staticwebapp.config.json b/demo/public/staticwebapp.config.json
@@ -14,7 +14,7 @@
     "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
     "Referrer-Policy": "strict-origin-when-cross-origin",
     "Access-Control-Allow-Methods": "GET",
-    "Content-Security-Policy": "base-uri 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' https://add-to-calendar-button.com data:; object-src 'none'; script-src-attr 'self'; script-src 'self' 'unsafe-inline' https://*.add-to-calendar-button.com; style-src 'self' 'unsafe-inline' https://add-to-calendar-button.com;",
+    "Content-Security-Policy": "base-uri 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' https://add-to-calendar-button.com data:; object-src 'none'; script-src-attr 'self'; script-src 'self' 'unsafe-inline' https://*.add-to-calendar-button.com; style-src 'self' 'unsafe-inline' https://add-to-calendar-button.com; ; upgrade-insecure-requests;",
     "Permissions-Policy": "geolocation=(),midi=(),microphone=(),camera=(),gyroscope=(*),encrypted-media=(*),payment=()"
   }
 }