aboutsummaryrefslogtreecommitdiffstats
path: root/next.config.js
diff options
context:
space:
mode:
authorArmand Philippot <git@armandphilippot.com>2022-02-22 15:47:53 +0100
committerArmand Philippot <git@armandphilippot.com>2022-02-22 15:47:53 +0100
commit15178f18b83d96073060d44e114a707919028546 (patch)
tree3c0c011a594a951a38da04a0917b8db81870cebe /next.config.js
parentd73f91150855a97b8dc830a83572cbaaf1d95356 (diff)
chore: update CSP
Diffstat (limited to 'next.config.js')
-rw-r--r--next.config.js5
1 files changed, 3 insertions, 2 deletions
diff --git a/next.config.js b/next.config.js
index 4b8214d..c324bb6 100644
--- a/next.config.js
+++ b/next.config.js
@@ -12,7 +12,7 @@ const contentSecurityPolicy = `
frame-src 'self';
img-src 'self' ${backendDomain} secure.gravatar.com data:;
media-src 'self' data:;
- script-src 'self' ${ackeeDomain} 'unsafe-inline';
+ script-src 'self' ${ackeeDomain} 'unsafe-inline' data:;
style-src 'self' 'unsafe-inline';
`;
@@ -24,7 +24,8 @@ const contentSecurityPolicyDev = `
frame-src 'self';
img-src 'self' ${backendDomain} secure.gravatar.com data:;
media-src 'self' data:;
- script-src 'self' ${ackeeDomain} 'unsafe-inline' 'unsafe-eval';
+ object-src 'self' data:;
+ script-src 'self' ${ackeeDomain} 'unsafe-inline' 'unsafe-eval' data:;
style-src 'self' 'unsafe-inline';
`;