From a081c8a434ff4809824cd9e1b22ae8fa670bec94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Elif=20Meri=C3=A7?= Date: Tue, 5 Nov 2024 09:16:57 +0300 Subject: [PATCH] Add frame-ancestor and cloudflare insights to CSP --- src/prpl.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/prpl.ts b/src/prpl.ts index 14d235f..5661adf 100644 --- a/src/prpl.ts +++ b/src/prpl.ts @@ -137,6 +137,7 @@ export function makeHandler(root?: string, config?: Config): ( "https://digiavantaj.cake.aclz.net", "*.efilli.com", "https://analytics.tiktok.com", + "*.cloudflareinsights.com" ]; const frameSrcAllowedHosts = [ @@ -293,6 +294,7 @@ export function makeHandler(root?: string, config?: Config): ( + "font-src 'self' data: https://fonts.gstatic.com ; " + `img-src data: blob: 'self' 'unsafe-inline' https://*.migrosone.com ${imageSrcAllowedHosts.join(' ')} ; ` + `frame-src ${frameSrcAllowedHosts.join(' ')} ; ` + + "frame-ancestor 'self https://*.migros.com.tr" + `style-src 'self' 'unsafe-inline' ${styleSrcAllowedHosts.join(' ')} ;` + `manifest-src 'self' ; ` + "worker-src 'self' blob: ;"