Skip to content

Commit

Permalink
Allow JSDelivr in CSP
Browse files Browse the repository at this point in the history
  • Loading branch information
jb3 committed Aug 19, 2024
1 parent d5e4477 commit f126807
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion thallium-backend/src/app.py
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ async def add_process_time_and_security_headers(
response.headers["X-XSS-Protection"] = "1; mode=block"
response.headers["Strict-Transport-Security"] = "max-age=31536000"
response.headers["X-Content-Type-Options"] = "nosniff"
response.headers["Content-Security-Policy"] = "default-src 'self'"
response.headers["Content-Security-Policy"] = "default-src 'self'; script-src https://cdn.jsdelivr.net/; style-src https://cdn.jsdelivr.net/;"
response.headers["Referrer-Policy"] = "no-referrer"
response.headers["Permissions-Policy"] = (
"camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=(), screen-wake-lock=(), web-share=()"
Expand Down

0 comments on commit f126807

Please sign in to comment.