fix Content Security Policy for search and fonts closes #200

Search is still hosted only on https://staging.f-droid.org, which can be removed from the CSP once https://f-droid.org/search is available.
parent ad77f339
Pipeline #18734675 failed with stage
in 20 minutes 16 seconds
......@@ -262,13 +262,12 @@ Header always set Content-Security-Policy: "\
\
base-uri 'self'; \
block-all-mixed-content; \
child-src 'none'; \
connect-src 'self'; \
form-action 'self'; \
font-src 'self'; \
form-action 'self' https://staging.f-droid.org; \
frame-ancestors 'self'; \
img-src 'self' https://f-droid.org https://fdroid.gitlab.io; \
media-src 'self'; \
object-src 'none'; \
script-src 'self'; \
style-src 'self' 'unsafe-inline'; \
"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment