fix: Fix CSP for libravatar
kumy committed May 23, 2024
1 parent ae45c46 commit e1f5850
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions website/app/GeoKrety/Assets.php
Expand Up @@ -17,7 +17,7 @@ public function __construct(?Template $template = null) {
header(
'Content-Security-Policy: '
.sprintf('script-src \'nonce-%s\' \'strict-dynamic\'; ', $nonce)
.sprintf('img-src \'self\' data: %s %s https://www.gstatic.com/recaptcha/ https://tile.openstreetmap.org https://cdn.crowdin.com/jipt/images/ https://crowdin-static.downloads.crowdin.com/avatar/; ', GK_CDN_SERVER_URL, GK_MINIO_SERVER_URL_EXTERNAL)
.sprintf('img-src \'self\' data: %s %s https://www.gstatic.com/recaptcha/ https://tile.openstreetmap.org https://cdn.crowdin.com/jipt/images/ https://seccdn.libravatar.org/avatar/ https://crowdin-static.downloads.crowdin.com/avatar/; ', GK_CDN_SERVER_URL, GK_MINIO_SERVER_URL_EXTERNAL)
.'frame-src https://www.google.com/ https://crowdin.com; '
.sprintf('style-src \'self\' \'nonce-%s\'; ', $nonce)
.sprintf('style-src-elem \'self\' \'unsafe-inline\' %s https://cdn.crowdin.com/jipt/jipt.css https://fonts.googleapis.com/css; ', GK_CDN_SERVER_URL)
Expand All @@ -30,7 +30,7 @@ public function __construct(?Template $template = null) {
header(
'Content-Security-Policy: '
.sprintf('script-src \'nonce-%s\' \'strict-dynamic\'; ', $nonce)
.sprintf('img-src \'self\' data: %s %s https://www.gstatic.com/recaptcha/ https://tile.openstreetmap.org; ', GK_CDN_SERVER_URL, GK_MINIO_SERVER_URL_EXTERNAL)
.sprintf('img-src \'self\' data: %s %s https://www.gstatic.com/recaptcha/ https://tile.openstreetmap.org https://seccdn.libravatar.org/avatar/; ', GK_CDN_SERVER_URL, GK_MINIO_SERVER_URL_EXTERNAL)
.'frame-src https://www.google.com/; '
.sprintf('style-src \'self\' \'nonce-%s\'; ', $nonce)
.sprintf('style-src-elem \'self\' \'unsafe-inline\' %s; ', GK_CDN_SERVER_URL)
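Review bot: The added `https://seccdn.libravatar.org/avatar/` source in both `img-src` lines only covers images that are actually served from that host, because CSP checks the target of a redirect against the same source list. If Libravatar answers a lookup with a redirect to another host (I believe it does this as a fallback for hashes it does not know, and for a `d=` default URL, but this needs confirming against how avatar URLs are built here), the browser will still block the image for those users. I would record that above each `header()` call, e.g. `// img-src: libravatar avatars must resolve on seccdn.libravatar.org; redirect targets on other hosts are blocked`, and check the browser console for `img-src` violations before widening the list. The source also had to be added twice because the two `header()` calls repeat the list by hand, so the two policies can drift apart. `__construct` starts and ends outside both hunks, so what selects between the two policies is not visible here.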
