Skip to content

Commit

Permalink
Update docs/public/_headers
Browse files Browse the repository at this point in the history
Signed-off-by: Olivier Tassinari <olivier.tassinari@gmail.com>
  • Loading branch information
oliviertassinari authored Sep 13, 2024
1 parent 909a621 commit bf3f4e5
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/public/_headers
Original file line number Diff line number Diff line change
Expand Up @@ -23,5 +23,5 @@
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
# TODO: progressively reduce the CSP scopes
# Start with a wildcard, using https://github.com/oliviertassinari/mui-toolpad/blob/f4c4eb046b352e4fc00729c3bed605e671b040c4/packages/toolpad-studio/src/server/index.ts#L241
# Start with a wildcard, using https://github.com/mui/mui-toolpad/blob/f4c4eb046b352e4fc00729c3bed605e671b040c4/packages/toolpad-studio/src/server/index.ts#L241
Content-Security-Policy: default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors *;

0 comments on commit bf3f4e5

Please sign in to comment.