diff options
| author |  Joe Banks <[email protected]> | 2024-08-19 02:21:05 +0100 |
|---|---|---|
| committer | Joe Banks <[email protected]> | 2024-08-19 02:21:05 +0100 |
| commit | ae3a04706c0f27b1d7faefce8083fdaf494c1a0d (patch) | |
| tree | 8ed531775d864ab0a6c18fd49dbc24a1f5552247 /thallium-backend | |
| parent | Add data URLs source (diff) | |
Allow UNPKG in CSP
Diffstat (limited to 'thallium-backend')
| -rw-r--r-- | thallium-backend/src/app.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/thallium-backend/src/app.py b/thallium-backend/src/app.py index a78a9e6..638cc1f 100644 --- a/thallium-backend/src/app.py +++ b/thallium-backend/src/app.py @@ -42,7 +42,8 @@ async def add_process_time_and_security_headers( response.headers["Strict-Transport-Security"] = "max-age=31536000" response.headers["X-Content-Type-Options"] = "nosniff" response.headers["Content-Security-Policy"] = ( - "default-src 'self'; script-src 'unsafe-inline' https://cdn.jsdelivr.net/;" + "default-src 'self';" + " script-src 'unsafe-inline' https://cdn.jsdelivr.net/ https://unpkg.com/;" " style-src https://cdn.jsdelivr.net/ https://fonts.googleapis.com/;" " img-src 'self' data:;" ) |