(pinot-site) branch new-site-dev updated: update csp (#110)

Tue, 09 Apr 2024 02:50:47 -0700 

This is an automated email from the ASF dual-hosted git repository.

xiangfu pushed a commit to branch new-site-dev
in repository https://gitbox.apache.org/repos/asf/pinot-site.git


The following commit(s) were added to refs/heads/new-site-dev by this push:
     new 2a975a09 update csp (#110)
2a975a09 is described below

commit 2a975a09a98328e0f4fb3abcd4c0ba688d221997
Author: Xiang Fu <[email protected]>
AuthorDate: Tue Apr 9 17:49:49 2024 +0800

    update csp (#110)
---
 app/layout.tsx | 2 +-
 next.config.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/layout.tsx b/app/layout.tsx
index 6e2422f9..eca69283 100644
--- a/app/layout.tsx
+++ b/app/layout.tsx
@@ -90,7 +90,7 @@ export default function RootLayout({ children }: { children: 
React.ReactNode })
                 />
                 <meta
                     http-equiv="Content-Security-Policy"
-                    content="default-src 'self';script-src 'self' 
'unsafe-eval' 'unsafe-inline' giscus.app analytics.umami.is www.youtube.com 
www.googletagmanager.com www.google-analytics.com;style-src 'self' 
'unsafe-inline';img-src * blob: data:;media-src *.s3.amazonaws.com;connect-src 
*;font-src 'self';frame-src 'self' giscus.app youtu.be youtube.com 
www.youtube.com"
+                    content="default-src 'self';script-src 'self' 
'unsafe-eval' 'unsafe-inline' giscus.app analytics.umami.is www.youtube.com 
www.googletagmanager.com www.google-analytics.com;style-src 'self' 
'unsafe-inline';img-src * blob: data:;media-src *.s3.amazonaws.com;connect-src 
*;font-src 'self';frame-src www.youtube.com youtube.com giscus.app youtu.be;"
                 />
                 <meta name="msapplication-TileColor" content="#000000" />
                 <meta name="theme-color" media="(prefers-color-scheme: light)" 
content="#fff" />
diff --git a/next.config.js b/next.config.js
index 4593900d..8de48885 100644
--- a/next.config.js
+++ b/next.config.js
@@ -13,7 +13,7 @@ const ContentSecurityPolicy = `
   media-src *.s3.amazonaws.com;
   connect-src *;
   font-src 'self';
-  frame-src 'self' giscus.app youtu.be youtube.com www.youtube.com
+  frame-src www.youtube.com youtube.com giscus.app youtu.be;
 `;
 
 const securityHeaders = [


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to