Skip to content

Commit

Permalink
Modify CSP HTTP header to allow inline styles
Browse files Browse the repository at this point in the history 
This is required by custom components (e.g. the "Tags" partial that renders tags with various font sizes and weights) as well as Bootstrap itself:

twbs/bootstrap#25394
  • Loading branch information
@jeremy-jameson
jeremy-jameson committed Nov 16, 2021
1 parent e7399a4 commit 15de467
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion config/_default/config.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,5 +43,5 @@ enableGitInfo = true
[[server.headers]]
for = '/**'
[server.headers.values]
Content-Security-Policy = "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' https://cdnjs.cloudflare.com;"
Content-Security-Policy = "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;"
X-Frame-Options = 'DENY'
2 changes: 1 addition & 1 deletion static/staticwebapp.config.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"globalHeaders": {
"Content-Security-Policy": "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' https://cdnjs.cloudflare.com;",
"Content-Security-Policy": "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;",
"X-Frame-Options": "DENY"
}
}

0 comments on commit 15de467

Please sign in to comment.