Last active
June 2, 2026 13:55
-
-
Save insin/44490fcd7b54097c5ecb483bf32027e6 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Inline dataviz iframe content-security-policy header: | |
| default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://esm.sh https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://fonts.googleapis.com https://fonts.gstatic.com https://assets.claude.ai; style-src 'self' 'unsafe-inline' https://esm.sh https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://fonts.googleapis.com https://fonts.gstatic.com https://assets.claude.ai; img-src 'self' data: blob: https://esm.sh https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://fonts.googleapis.com https://fonts.gstatic.com https://assets.claude.ai; connect-src 'self' https://esm.sh https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com; font-src 'self' https://esm.sh https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://fonts.googleapis.com https://fonts.gstatic.com https://assets.claude.ai; media-src 'self' blob: data: https://esm.sh https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://fonts.googleapis.com https://fonts.gstatic.com https://assets.claude.ai; worker-src 'self' blob: https://esm.sh https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://fonts.googleapis.com https://fonts.gstatic.com https://assets.claude.ai; frame-src 'self' blob: data:; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://claude.ai https://preview.claude.ai; form-action 'self'; webrtc 'block'; upgrade-insecure-requests; block-all-mixed-content | |
| Artifact iframe content-security-policy header: | |
| default-src https://www.claudeusercontent.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://www.claudeusercontent.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/pyodide/ https://cdn.jsdelivr.net/gh/python-visualization/ https://cdn.jsdelivr.net/npm/ https://cdn.tailwindcss.com https://code.jquery.com; connect-src https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/pyodide/ https://cdn.jsdelivr.net/gh/python-visualization/ https://cdn.jsdelivr.net/npm/ https://cdn.tailwindcss.com https://code.jquery.com https://www.claudeusercontent.com; worker-src 'self' https://www.claudeusercontent.com blob:; style-src 'unsafe-inline' 'self' https://www.claudeusercontent.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/npm/ https://cdn.jsdelivr.net/gh/python-visualization/ https://code.jquery.com https://fonts.googleapis.com https://anthropic.com https://*.anthropic.com; img-src https://*.tile.openstreetmap.org/ blob: data: 'self' https://www.claudeusercontent.com; font-src data: 'self' https://www.claudeusercontent.com https://anthropic.com https://*.anthropic.com https://fonts.gstatic.com; frame-src 'self' blob:; object-src 'none'; base-uri https://www.claudeusercontent.com; form-action https://www.claudeusercontent.com; frame-ancestors 'self' https://www.claudeusercontent.com *.anthropic.com anthropic.com *.claude.com claude.com *.ant.dev https://claude.ai https://preview.claude.ai https://claude.site https://feedback.anthropic.com app://localhost; webrtc 'block'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://logs.browser-intake-us5-datadoghq.com/api/v2/logs?dd-api-key=pub71878585a5931c0a7125f59d8339f927&dd-evp-origin=content-security-policy&ddsource=csp-report |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment