chore: update CSP to allow Twitter embeds

safe-global · Dec 10, 2024 · 0275146 · 0275146
1 parent e47c552
commit 0275146
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/config/securityHeaders.ts b/src/config/securityHeaders.ts
@@ -12,13 +12,13 @@ export const ContentSecurityPolicy = `
  connect-src 'self' https://*.google-analytics.com https://api.ashbyhq.com/posting-api/job-board/safe.global/ https://ecosystem-database.safe.global/data.json https://ecosystem-database.staging.5afe.dev/data.json https://hub.snapshot.org/graphql https://cdn.contentful.com/spaces/1i5gc724wjeu/ https://metrics.hotjar.io/ https://content.hotjar.io/ wss://ws.hotjar.com https://api.pushwoosh.com/;
  script-src 'self' ${
    IS_PRODUCTION ? '' : "'unsafe-eval'"
- } 'unsafe-inline' https://script.hotjar.com https://static.hotjar.com https://www.googletagmanager.com;
+ } 'unsafe-inline' https://script.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://platform.twitter.com;
  style-src 'self' 'unsafe-inline';
  font-src 'self';
  object-src 'none';
  base-uri 'none';
  img-src 'self' http://images.ctfassets.net/ https://ecosystem-database.safe.global/logos/ https://ecosystem-database.staging.5afe.dev/logos/ https://safe-claiming-app-data.safe.global/guardians/images/ data:;
- frame-src https://safe.mirror.xyz/ https://www.youtube-nocookie.com/ https://cdn.jwplayer.com/;
+ frame-src https://safe.mirror.xyz/ https://www.youtube-nocookie.com/ https://cdn.jwplayer.com/ https://platform.twitter.com/;
 `
   .replace(/\s{2,}/g, ' ')
   .trim()