fix: add 'unsafe-inline' to script-src

This commit is contained in:
xHyroM 2023-01-02 22:45:48 +01:00
parent 332458b14f
commit 90edaee257
2 changed files with 2 additions and 2 deletions

View file

@ -37,7 +37,7 @@
/> />
<!-- CSP --> <!-- CSP -->
<meta http-equiv="Content-Security-Policy" content="img-src 'self'; font-src *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self'; object-src 'none'" /> <meta http-equiv="Content-Security-Policy" content="img-src 'self'; font-src *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline'; object-src 'none'" />
<link rel="preconnect" href="https://fonts.googleapis.com" /> <link rel="preconnect" href="https://fonts.googleapis.com" />
<link <link

View file

@ -5,7 +5,7 @@
"headers" : [ "headers" : [
{ {
"key" : "Content-Security-Policy", "key" : "Content-Security-Policy",
"value" : "img-src 'self'; font-src *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self'; object-src 'none'" "value" : "img-src 'self'; font-src *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline'; object-src 'none'"
} }
] ]
} }