chore: update img csp headers

WestpacGEL · Dec 3, 2024 · fbb2527 · fbb2527
1 parent a83de6f
commit fbb2527
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/apps/site/src/_middleware.ts b/apps/site/src/_middleware.ts
@@ -8,7 +8,7 @@ export function _middleware(request: NextRequest) {
     default-src 'self';
     script-src 'self' 'nonce-${nonce}' 'strict-dynamic' 'unsafe-eval';
     style-src 'self' 'unsafe-inline';
-    img-src 'self' blob: data: res.cloudinary.com westpac.com.au;
+    img-src 'self' blob: data: res.cloudinary.com www.westpac.com.au;
     font-src 'self';
     object-src 'none';
     base-uri 'self';

diff --git a/apps/site/vercel.json b/apps/site/vercel.json
@@ -49,7 +49,7 @@
       "headers": [
         {
           "key": "Content-Security-Policy",
-          "value": "frame-ancestors 'self'; upgrade-insecure-requests; img-src 'self' blob: data: res.cloudinary.com westpac.com.au; font-src 'self'; object-src 'none'; form-action 'self'; connect-src 'self' https://dpm.demdex.net https://vercel.live/; style-src 'self' 'unsafe-inline'; block-all-mixed-content;"
+          "value": "frame-ancestors 'self'; upgrade-insecure-requests; img-src 'self' blob: data: res.cloudinary.com www.westpac.com.au; font-src 'self'; object-src 'none'; form-action 'self'; connect-src 'self' https://dpm.demdex.net https://vercel.live/; style-src 'self' 'unsafe-inline'; block-all-mixed-content;"
         },
         {
           "key": "X-Content-Type-Options",