Skip to content

Commit

Permalink
fix csp warning, typo and allow react developer tools (#218)
Browse files Browse the repository at this point in the history
  • Loading branch information
@skyqrose
skyqrose authored Jan 10, 2025
1 parent 7e67ec3 commit 5c972ea
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion lib/orbit_web/router.ex
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,15 @@ defmodule OrbitWeb.Router do

plug :put_secure_browser_headers, %{
# much of this is necessary for Appcues: https://docs.appcues.com/user-experiences-faq/faq-content-security-policies
# script-src-elem 'unsafe-inline' is for react developer tools
"content-security-policy" => "\
connect-src 'self' *.sentry.io *.fullstory.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com;\
default-src 'self';\
font-src self' https://fonts.gstatic.com;\
font-src 'self' https://fonts.gstatic.com;\
frame-src 'self' https://*.appcues.com;\
img-src 'self' https://*.appcues.com https://*.appcues.net res.cloudinary.com cdn.jsdelivr.net;\
script-src 'self' *.fullstory.com https://*.appcues.com https://*.appcues.net;\
script-src-elem 'self' 'unsafe-inline';\
style-src 'self' https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com 'unsafe-inline';\
"
}
Expand Down

0 comments on commit 5c972ea

Please sign in to comment.