Merge pull request #2124 from bfodeke/ITMKTGDES-1044-update-csp-for-a…

…a-testing ITMKTGDES-1044: Add SHA and frame src to CSP
quarkusio · Sep 25, 2024 · 31b414d · 31b414d
2 parents 382ec7a + fc7279b
commit 31b414d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/_layouts/base.html b/_layouts/base.html
@@ -31,8 +31,8 @@
   <title>{{ page.title }}{{ page_title_version_suffix }}{% unless page_title_starts_with_quarkus or page_title_ends_with_quarkus %} - Quarkus{% endunless %}</title>
   <meta charset="utf-8">
   <meta name="viewport" content="width=device-width, initial-scale=1">
-  <meta http-equiv="Content-Security-Policy" content="default-src https://dpm.demdex.net https://route-default-test-mscherer-matamo.apps.ospo-osci.z3b1.p1.openshiftapps.com/ {{ site.search.host }}; script-src 'self' 'unsafe-eval' {{ search_script }} 'sha256-ANpuoVzuSex6VhqpYgsG25OHWVA1I+F6aGU04LoI+5s=' 'sha256-ipy9P/3rZZW06mTLAR0EnXvxSNcnfSDPLDuh3kzbB1w=' 'sha256-+5qDxnbsqhFKZIIfofMhmVgNChsVrKoHUdaQ2EMs9aU=' js.bizographics.com https://www.redhat.com https://static.redhat.com assets.adobedtm.com https://app.requestly.io/ jsonip.com https://ajax.googleapis.com https://use.fontawesome.com https://app.mailjet.com http://www.youtube.com http://www.googleadservices.com https://googleads.g.doubleclick.net https://dpm.demdex.net https://giscus.app https://route-default-test-mscherer-matamo.apps.ospo-osci.z3b1.p1.openshiftapps.com/; style-src 'self' https://fonts.googleapis.com https://use.fontawesome.com; img-src 'self'
-  https://route-default-test-mscherer-matamo.apps.ospo-osci.z3b1.p1.openshiftapps.com/ * data:; media-src 'self'; frame-src  https://www.youtube.com https://embed.restream.io https://app.mailjet.com http://xy0p2.mjt.lu https://mj.quarkus.io https://giscus.app; base-uri 'none'; object-src 'none'; form-action 'none'; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com;" />
+  <meta http-equiv="Content-Security-Policy" content="default-src https://dpm.demdex.net https://route-default-test-mscherer-matamo.apps.ospo-osci.z3b1.p1.openshiftapps.com/ {{ site.search.host }}; script-src 'self' 'unsafe-eval' {{ search_script }} 'sha256-ANpuoVzuSex6VhqpYgsG25OHWVA1I+F6aGU04LoI+5s=' 'sha256-ipy9P/3rZZW06mTLAR0EnXvxSNcnfSDPLDuh3kzbB1w=' 'sha256-+5qDxnbsqhFKZIIfofMhmVgNChsVrKoHUdaQ2EMs9aU=' 'sha256-9GX2EYB8fryOX9sALbWzZ7TVEZjRANod3mzT9mJK2A0=' 'sha256-RqEzO7A/IXS1BIUL4ZdgDljo0D5dRmBT22Oe7buZDT8=' 'sha256-OOu4endfeFMVqh4Q00S7byTqB4q1D6GextRjoysxGbg=' 'sha256-ioF25X2HdUdCugCVyJjxXVOma9G9P15kHxEDtSRNluE=' 'sha256-PeUeMwkRRyljEhJ9YfrDnY7Fs7YaSekiWO+UaJHD6P4=' 'sha256-/l3yGVvvIIlcKqPU1Ix7WzsjlDZYxSTUgNauy7yiunY=' js.bizographics.com https://www.redhat.com https://static.redhat.com assets.adobedtm.com https://app.requestly.io/ jsonip.com https://ajax.googleapis.com https://use.fontawesome.com https://app.mailjet.com http://www.youtube.com http://www.googleadservices.com https://googleads.g.doubleclick.net https://dpm.demdex.net https://giscus.app https://route-default-test-mscherer-matamo.apps.ospo-osci.z3b1.p1.openshiftapps.com/; style-src 'self' https://fonts.googleapis.com https://use.fontawesome.com; img-src 'self'
+  https://route-default-test-mscherer-matamo.apps.ospo-osci.z3b1.p1.openshiftapps.com/ * data:; media-src 'self'; frame-src https://redhat.demdex.net https://www.youtube.com https://embed.restream.io https://app.mailjet.com http://xy0p2.mjt.lu https://mj.quarkus.io https://giscus.app; base-uri 'none'; object-src 'none'; form-action 'none'; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com;" />
   <script id="adobe_dtm" src="https://www.redhat.com/dtm.js" type="text/javascript"></script>
   <script src="{{ '/assets/javascript/highlight.pack.js' | relative_url }}" type="text/javascript"></script>
   <META HTTP-EQUIV='X-XSS-Protection' CONTENT="1; mode=block">