enable csp reporting
parent
87520fb196
commit
ba661730e7
|
@ -26,7 +26,7 @@ object bits {
|
|||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8"/>
|
||||
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src https://fonts.googleapis.com 'unsafe-inline'; font-src https://fonts.gstatic.com; script-src 'unsafe-eval' https://cdn.jsdelivr.net blob:; child-src blob:; connect-src https://raw.githubusercontent.com; img-src data: https://lichess.org https://lichess1.org;">
|
||||
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src https://fonts.googleapis.com 'unsafe-inline'; font-src https://fonts.gstatic.com; script-src 'unsafe-eval' https://cdn.jsdelivr.net blob:; child-src blob:; connect-src https://raw.githubusercontent.com; img-src data: https://lichess.org https://lichess1.org; report-to default;">
|
||||
<title>Lichess HTTP API documentation</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<link href="https://fonts.googleapis.com/css?family=Montserrat:300,400,700|Roboto:300,400,700" rel="stylesheet">
|
||||
|
|
|
@ -66,7 +66,8 @@ case class ContentSecurityPolicy(
|
|||
"worker-src " -> workerSrc,
|
||||
"img-src " -> imgSrc,
|
||||
"script-src " -> scriptSrc,
|
||||
"base-uri " -> baseUri
|
||||
"base-uri " -> baseUri,
|
||||
"report-to " -> List("default")
|
||||
) collect {
|
||||
case (directive, sources) if sources.nonEmpty =>
|
||||
sources.mkString(directive, " ", ";")
|
||||
|
|
Loading…
Reference in New Issue