From 302fa154f4cd364881a4d5ee3696a314fdf0be1f Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sun, 5 May 2019 10:06:27 -0400 Subject: [PATCH] add back connect-src 'self' for Lighthouse This reverts commit d30566d8f6597fad50c950fdc7bee1f809445512. This is needed by Lighthouse to fetch robots.txt and it's worth making a harmless exception for it to work properly. https://github.com/GoogleChrome/lighthouse/issues/4386 --- static/.htaccess | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static/.htaccess b/static/.htaccess index 2e10d43e..a999b39b 100644 --- a/static/.htaccess +++ b/static/.htaccess @@ -1,6 +1,6 @@ Options -indexes -Header always set Content-Security-Policy "default-src 'none'; connect-src https://seamlessupdate.app/; \ +Header always set Content-Security-Policy "default-src 'none'; connect-src 'self' https://seamlessupdate.app/; \ font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; \ form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'; \ report-uri https://danielmicay.report-uri.com/r/d/csp/enforce"