feat: add cdn.jsdelivr.net to CSP connect-src and remove duplicate meta tag
- Added `https://cdn.jsdelivr.net` to the `connect-src` directive in both Content-Security-Policy and X-Content-Security-Policy headers to allow connections to the CDN. - Removed the duplicate Content-Security-Policy meta tag from the frontend/index.html file to avoid redundancy and potential conflicts.
This commit is contained in:
Viktoria Polyakova
@@ -4,7 +4,6 @@
|
||||
<meta charset="utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<meta name="theme-color" content="#23282f" />
|
||||
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: blob: https://www.google-analytics.com https://analytics.google.com https://*; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://analytics.google.com ws: wss:; frame-src 'self' https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; form-action 'self'; worker-src 'self' blob: https://cdnjs.cloudflare.com;" />
|
||||
|
||||
<!-- Geologica -->
|
||||
<link
|
||||
|
||||
Reference in New Issue
Block a user