From e7909cc84bb44b3dae7240bbe2765ce565c9b1cb Mon Sep 17 00:00:00 2001 From: Jonatan Nilsson Date: Thu, 12 May 2022 16:40:14 +0000 Subject: [PATCH] flaska: Add better default font-src with self and data: support. --- flaska.mjs | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flaska.mjs b/flaska.mjs index 7edc929..49707ea 100644 --- a/flaska.mjs +++ b/flaska.mjs @@ -626,7 +626,7 @@ export class Flaska { defaultHeaders: opts.defaultHeaders || { 'Server': 'Flaska', 'X-Content-Type-Options': 'nosniff', - 'Content-Security-Policy': `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; object-src 'none'; frame-ancestors 'none'`, + 'Content-Security-Policy': `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'`, 'Cross-Origin-Opener-Policy': 'same-origin', 'Cross-Origin-Resource-Policy': 'same-origin', 'Cross-Origin-Embedder-Policy': 'require-corp', diff --git a/package.json b/package.json index 43c48c5..dd8d188 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "flaska", - "version": "1.2.3", + "version": "1.2.4", "description": "Flaska is a micro web-framework for node. It is designed to be fast, simple and lightweight, and is distributed as a single file module with no dependencies.", "main": "flaska.mjs", "scripts": {