Merge pull request #19 from cardano-foundation/headers

Update headers
cardano-foundation · Apr 11, 2024 · 5916fa5 · 5916fa5
2 parents 5c9b82c + bec3b48
commit 5916fa5
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 9 deletions.
diff --git a/_headers b/_headers
diff --git a/netlify.toml b/netlify.toml
@@ -9,7 +9,7 @@
     # Activates the browser's built-in cross-site scripting (XSS) filter and blocks responses if an attack is detected.
     X-XSS-Protection = "1; mode=block"
     # Ensures that only trusted content is executed and styled.
-    Content-Security-Policy = "default-src 'self'; 
+    Content-Security-Policy = "default-src 'self'; script-src 'self' https://cardano.org; img-src 'self' https://cardano.org; style-src 'self' 'unsafe-inline';"
     # Enforces secure connections via HTTPS, protecting against certain types of man-in-the-middle attacks.
     Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
     # Controls information provided as the HTTP Referer header when navigating from your site, enhancing privacy and security.