From 880dcba992c1fcd31cc286bc9b762445c46c34bb Mon Sep 17 00:00:00 2001 From: Tommy Date: Thu, 21 Jul 2022 23:00:00 -0400 Subject: [PATCH] Update netlify.toml Signed-off-by: Tommy --- netlify.toml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/netlify.toml b/netlify.toml index ed01bc6..be4f4cf 100644 --- a/netlify.toml +++ b/netlify.toml @@ -2,11 +2,10 @@ for = "/*" [headers.values] Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload" - Content-Security-Policy = "default-src 'none'; connect-src 'self'; img-src 'self'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self'; frame-src www.youtube-nocookie.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'" + Content-Security-Policy = "default-src 'none'; connect-src 'self'; img-src 'self'; script-src-elem 'self'; style-src-elem 'self'; frame-src www.youtube-nocookie.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'" X-Content-Type-Options = "nosniff" Referrer-Policy = "no-referrer" Cross-Origin-Opener-Policy = "same-origin" - Cross-Origin-Embedder-Policy = "require-corp" X-Frame-Options = "DENY" X-XSS-Protection = "0" Permissions-Policy = "accelerometer=(), autoplay=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=()"