Skip to content

Commit

Permalink
fix(#502): extend CSP to work with monaco-editor
Browse files Browse the repository at this point in the history
  • Loading branch information
@mmelko @phantomjinx
mmelko authored and phantomjinx committed Oct 24, 2024
1 parent 052e56a commit 5653903
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docker/includes/security-headers-online.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,4 @@ include /etc/nginx/includes/security-headers-base.conf;
# Govern what content can be loaded by the server and from where
# Click jacking prevention to be used in addition to X-Frame-Options
# Requires allowing inline-styles and inline data objects (svg imgs)
add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data:; frame-ancestors 'self'; form-action 'self'; ";
add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data: https://cdn.jsdelivr.net/npm/[email protected]/min/; img-src 'self' data:; frame-ancestors 'self'; form-action 'self'; script-src-elem 'self' https://cdn.jsdelivr.net/npm/[email protected]/min/; style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/[email protected]/min/;";

0 comments on commit 5653903

Please sign in to comment.