Commit 829c86c

authored Dec 2, 2024
miscweb: add more CSP exceptions for demos.jquerymobile.com
- script-src: load scripts from code.jquery.com
- style-src: allow some inline styles on certain pages
- style-src: allow styles from code.jquery.com
- img-src: allow images from code.jquery.com

Ref gh-54
Closes gh-69
1 parent b8f77ae commit 829c86c

1 file changed: +7 -1 lines changed

‎hieradata/environments/production/roles/miscweb.yaml

@@ -19,9 +19,15 @@ profile::miscweb::sites:
1919
branch: main
2020
allow_php: true
2121
# script-src: unsafe-eval for syntax highlighting on all pages
22+
# script-src: unsafe-inline for popup page
23+
# script-src: load scripts from code.jquery.com
2224
# img-src: data: for inline SVGs
25+
# img-src: load images from code.jquery.com
2326
# style-src|font-src: load fonts from Google Fonts
24-
csp_header: default-src 'self'; script-src 'self' 'unsafe-eval'; img-src 'self' data:; style-src 'self' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; report-uri https://csp-report-api.openjs-foundation.workers.dev/; report-to csp-endpoint
27+
# style-src: load styles from code.jquery.com
28+
# style-src: unsafe-inline for supports tests in
29+
# jQuery 1.7.3 and jQuery Mobile 1.3.0
30+
csp_header: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com; img-src 'self' code.jquery.com data:; style-src 'self' 'unsafe-inline' code.jquery.com fonts.googleapis.com; font-src 'self' fonts.gstatic.com; report-uri https://csp-report-api.openjs-foundation.workers.dev/; report-to csp-endpoint
2531
podcast.jquery.com:
2632
repository:
2733
name: jquery/podcast.jquery.com
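
Review bot: on the new csp_header line, adding 'unsafe-inline' to script-src (next to the existing 'unsafe-eval') lets every inline script and inline event handler on the site run, so the policy stops limiting injected markup, while the comment says it is needed only for the popup page. Consider allowing just that page's inline script with a hash source ('sha256-...' of the script body) or a nonce, or moving it into a file served from 'self', so script-src can stay without 'unsafe-inline'. The same concern applies, with lower impact, to style-src 'unsafe-inline', which the comment ties to supports tests in jQuery 1.7.3 and jQuery Mobile 1.3.0. The bare host code.jquery.com in script-src permits any script on that host; if the demos load a fixed set of files, a path-restricted source would be tighter. The commit message lists the code.jquery.com and inline style changes but not script-src 'unsafe-inline'; it is worth naming there, since it is the largest relaxation in the change.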
