This is the code I used to tweak my CSP response header on my local development environment.
// This is my site's Content Security Policy.
// Modify this CSP, don't just copy / paste it! It will break your site!
// You can also use `var` and `let` depending on your coding syntax, they all work
//
// One directive per array entry, joined with single spaces into the header
// value. `default-src 'none'` is the fallback, so every fetch type that is
// allowed at all is listed explicitly.
const CSP = [
  // Leading empty entry: the template literal this replaces began with a
  // newline, so the joined value keeps its leading space and stays
  // byte-for-byte identical (browsers trim it when parsing).
  '',
  "base-uri 'self';",
  "child-src 'self';",
  // NOTE(review): connect-src also governs WebSocket connections; if the
  // dev server's live-reload client stops reconnecting under this policy,
  // 'none' here is the likely cause — confirm in the browser console.
  "connect-src 'none';",
  "default-src 'none';",
  "img-src 'self' https://v1.indieweb-avatar.11ty.dev/;",
  "font-src 'self';",
  "form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;",
  "frame-ancestors 'self';",
  // frame-src and manifest-src deliberately share one entry: the original
  // policy text ran them together as `;manifest-src`, and CSP splits the
  // policy on `;` and trims each token, so it parses as two directives
  // either way.
  "frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';",
  "media-src 'self';",
  "object-src 'none';",
  // NOTE(review): broad hosts such as www.google.com / www.gstatic.com are
  // the kind of allowlist entry CSP evaluators flag as weakening script-src;
  // scoping them to the exact script paths loaded, or moving to nonce/hash
  // based script-src, tightens this without changing which scripts run.
  "script-src 'self' https://ajax.cloudflare.com https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;",
  "style-src 'self' https://giscus.app/;",
  "worker-src 'self';",
].join(' ');
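// This is the middleware for our 11ty development server.
// It only affects the local dev server: production must send the same header
// from the hosting platform / CDN, which nothing in this file does.
eleventyConfig.setServerOptions({
  middleware: [
    (req, res, next) => {
      // req.url still carries any query string (`/?foo=1`, `/a.html?v=2`),
      // so match on the parsed pathname instead of the raw URL. The base is
      // only needed because req.url is normally a bare path.
      const { pathname } = new URL(req.url, 'http://localhost');
      // 11ty's default permalinks write `/page/index.html`, which the dev
      // server serves for `/page/`, so directory-style paths are HTML pages
      // too; the previous `req.url === '/'` check only covered the root, so
      // every other page went out without the policy.
      const isHtmlPage = pathname.endsWith('/') || pathname.endsWith('.html');
      if (isHtmlPage) {
        res.setHeader('Content-Type', 'text/html; charset=UTF-8');
        // Delivered as a response header on purpose: frame-ancestors is
        // ignored when a policy is supplied via a <meta> tag.
        res.setHeader('Content-Security-Policy', CSP);
      }
      next();
    },
  ],
});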