We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 5053f94 commit 603d891Copy full SHA for 603d891
1 file changed
netlify.toml
@@ -5,7 +5,7 @@
5
# X-Frame-Options intentionally omitted to allow embedding
6
7
# Content Security Policy - Comprehensive XSS protection with embedding support
8
- Content-Security-Policy = "default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' http: https:; frame-src https://app.netlify.com; frame-ancestors *; base-uri 'self'; form-action 'self'"
+ Content-Security-Policy = "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self'; frame-src https://app.netlify.com; frame-ancestors *; base-uri 'self'; form-action 'self'"
9
10
# Permissions Policy - Browser feature access control
11
Permissions-Policy = "camera=(), microphone=(), geolocation=(), interest-cohort=(), payment=(), usb=(), bluetooth=(), magnetometer=(), gyroscope=(), accelerometer=(), autoplay=(), encrypted-media=(), fullscreen=(self), picture-in-picture=()"
0 commit comments