flaska: Add better default font-src with self and data: support.
Some checks failed
continuous-integration/appveyor/branch AppVeyor build failed

This commit is contained in:
Jonatan Nilsson 2022-05-12 16:40:14 +00:00
parent 4820347cfb
commit e7909cc84b
2 changed files with 2 additions and 2 deletions

View file

@ -626,7 +626,7 @@ export class Flaska {
defaultHeaders: opts.defaultHeaders || {
'Server': 'Flaska',
'X-Content-Type-Options': 'nosniff',
'Content-Security-Policy': `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; object-src 'none'; frame-ancestors 'none'`,
'Content-Security-Policy': `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'`,
'Cross-Origin-Opener-Policy': 'same-origin',
'Cross-Origin-Resource-Policy': 'same-origin',
'Cross-Origin-Embedder-Policy': 'require-corp',

View file

@ -1,6 +1,6 @@
{
"name": "flaska",
"version": "1.2.3",
"version": "1.2.4",
"description": "Flaska is a micro web-framework for node. It is designed to be fast, simple and lightweight, and is distributed as a single file module with no dependencies.",
"main": "flaska.mjs",
"scripts": {