add github mediasource in security headers (#551)

This commit is contained in:
Zineb El Bachiri 2023-07-07 13:00:26 +02:00 committed by GitHub
parent 3ba2c92b50
commit abe7cca902
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -18,6 +18,7 @@ const ContentSecurityPolicy = `
default-src 'self' https://fonts.googleapis.com ${process.env.NEXT_PUBLIC_SUPABASE_URL} https://api.june.so https://www.quivr.app/; default-src 'self' https://fonts.googleapis.com ${process.env.NEXT_PUBLIC_SUPABASE_URL} https://api.june.so https://www.quivr.app/;
connect-src 'self' ${process.env.NEXT_PUBLIC_SUPABASE_URL} ${process.env.NEXT_PUBLIC_BACKEND_URL} https://api.june.so; connect-src 'self' ${process.env.NEXT_PUBLIC_SUPABASE_URL} ${process.env.NEXT_PUBLIC_BACKEND_URL} https://api.june.so;
img-src 'self' data:; img-src 'self' data:;
media-src 'self' https://user-images.githubusercontent.com;
script-src 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com/ https://www.quivr.app/; script-src 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com/ https://www.quivr.app/;
frame-ancestors 'none'; frame-ancestors 'none';
style-src 'unsafe-inline' https://www.quivr.app/; style-src 'unsafe-inline' https://www.quivr.app/;