Merge pull request #1212 from maxmind/kevin/audit-google-csp
Update google CSP
PatrickCroninMM authored Oct 11, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
2 parents 55f8951 + e33d4ed commit f9d979c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion static/_headers
@@ -1,5 +1,5 @@
/*
Content-Security-Policy: connect-src 'self' *.googleapis.com *.doubleclick.net https://status.maxmind.com https://www.maxmind.com https://api.hubspot.com https://forms.hscollectedforms.net https://forms.hsforms.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; default-src 'self'; font-src 'self' fonts.gstatic.com; form-action 'self' *.paypal.com; frame-ancestors 'self'; frame-src 'self' *.paypal.com https://app.hubspot.com https://www.google.com www.youtube.com; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://www.maxmind.com *.googleapis.com https://cloud.google.com https://www.gstatic.com https://*.googletagmanager.com www.youtube.com https://www.googleadservices.com https://www.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://www.gstatic.com
Content-Security-Policy: connect-src 'self' https://status.maxmind.com https://www.maxmind.com https://api.hubspot.com https://forms.hscollectedforms.net https://forms.hsforms.com https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; default-src 'self'; font-src 'self' fonts.gstatic.com; form-action 'self' *.paypal.com; frame-ancestors 'self'; frame-src 'self' *.paypal.com https://app.hubspot.com https://www.google.com www.youtube.com https://td.doubleclick.net https://www.googletagmanager.com; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://www.maxmind.com https://cloud.google.com https://www.gstatic.com www.youtube.com https://www.googleadservices.com https://www.google.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com
Feature-Policy: accelerometer 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; sync-xhr 'none'
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), usb=(), web-share=(), xr-spatial-tracking=()
Referrer-Policy: strict-origin-when-cross-origin
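
Review bot: In the new Content-Security-Policy line, connect-src drops `*.doubleclick.net` and keeps only `https://*.g.doubleclick.net`, while frame-src gains `https://td.doubleclick.net`. Any page-level request to a doubleclick host outside `*.g.doubleclick.net` is now blocked, so please confirm in the browser console, on a page that loads the Google tags, that no connect-src violations appear. script-src carries 'report-sample', but the visible policy has no report-uri or report-to directive, so a violation introduced by this tightening would not be reported by this header. The same line still has scheme-less sources (`fonts.gstatic.com`, `*.paypal.com`, `www.youtube.com`) next to the entries this change pins to https://; prefixing them with https:// would make the policy consistent. The commit message "Update google CSP" does not say why the two frame-src hosts were added; a sentence naming the Google feature that needs them would help the next audit.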
