Skip to content

Commit

Permalink
fix: relax content security policy for sveltekit starter (#3902)
Browse files Browse the repository at this point in the history
  • Loading branch information
krpeacock authored Sep 4, 2024
1 parent 5ab9e7f commit 993ae6d
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 0 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,10 @@ Module hash: 3a533f511b3960b4186e76cf9abfbd8222a2c507456a66ec55671204ee70cae3

# 0.23.0

### fix: relax content security policy for sveltekit starter

We had to roll back part of the increased default security policy for the sveltekit starter due to the framework's use of inline scripts

### feat: Add canister snapshots

The new `dfx canister snapshot` command can be used to create, apply, and delete snapshots of stopped canisters.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,10 @@
// Options are: "hardened" | "standard" | "disabled".
"security_policy": "standard",

"headers": {
"Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io;img-src 'self' data:;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src *;object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self';upgrade-insecure-requests;",
},

// Uncomment to disable the warning about using the
// standard security policy, if you understand the risk
// "disable_security_policy_warning": true,
Expand Down

0 comments on commit 993ae6d

Please sign in to comment.