Skip to content

Commit

Permalink
Remove unsafe-eval CSP directive for scripts
Browse files Browse the repository at this point in the history
  • Loading branch information
@cloudlena
cloudlena committed Oct 6, 2023
1 parent ee89e7d commit 1c8494b
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 7 deletions.
12 changes: 6 additions & 6 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 3 additions & 1 deletion svelte.config.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,14 @@ const config = {
csp: {
directives: {
'default-src': ['self'],
'script-src': ['unsafe-eval', 'unsafe-inline', 'self'],
'script-src': ['unsafe-inline', 'self'],
'style-src': ['unsafe-inline', 'self'],
'img-src': ['self', 'data:'],
'font-src': ['self', 'data:'],
'connect-src': ['*'],
'object-src': ['none'],
'frame-ancestors': ['none'],
'base-uri': ['none'],
'form-action': ['https://formspree.io']
}
}
Expand Down

0 comments on commit 1c8494b

Please sign in to comment.