sambruk/excalidraw
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Content Security Policy Header Tag (#1379)

Browse Source 
* Add Content Security Policy Header Tag

* Update CSP for connect-src with https, wss
This commit is contained in:
Shriram Balaji 2020-04-11 20:52:16 +05:30 committed by GitHub
parent a3fd464702
commit af09c977bf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
public/index.html
View File

@ -62,7 +62,10 @@
/>
<!-- OG tags require absolute url for images -->
<meta name="twitter:image" content="https://excalidraw.com/og-image.png" />
<meta
http-equiv="Content-Security-Policy"
content="block-all-mixed-content; child-src 'none'; connect-src https: wss:; default-src 'self'; font-src 'self' data: https: filesystem:; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https:;"
/>
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
<link rel="stylesheet" href="fonts.css" />
<link