janrenn · June 23, 2017 13:39
diff --git a/.htaccess b/.htaccess
    #common
    Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.avvo.com *.bbb.org *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.newrelic.com *.nr-data.net *.olark.com *.twitter.com *.wp.com *.youtube.com *.ytimg.com *.cloudflare.com *.amazonaws.com *.googleapis.com; style-src 'unsafe-inline' * data:; img-src * data:; font-src 'unsafe-inline' * data:; frame-src 'self' *.avvo.com *.bbb.org *.doubleclick.net *.facebook.com *.googletagmanager.com *.olark.com *.wp.com *.youtube.com akismet.com example.com; child-src 'self' *.avvo.com *.bbb.org *.doubleclick.net *.facebook.com *.googletagmanager.com *.olark.com *.wp.com *.youtube.com akismet.com example.com; object-src 'none'; connect-src 'self' *.akismet.com *.bbb.org *.google.com *.olark.com akismet.com;"
    #common+issuu
    Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.avvo.com *.bbb.org *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.newrelic.com *.nr-data.net *.olark.com *.twitter.com *.wp.com *.youtube.com *.ytimg.com *.cloudflare.com *.amazonaws.com *.googleapis.com *.issuu.com; style-src * data: 'unsafe-inline'; img-src * data:; font-src * data: 'unsafe-inline'; connect-src 'self' *.akismet.com *.bbb.org *.google.com *.olark.com akismet.com *.issuu.com; object-src 'none'; child-src 'self' *.avvo.com *.bbb.org *.doubleclick.net *.facebook.com *.googletagmanager.com *.olark.com *.wp.com *.youtube.com akismet.com example.com *.issuu.com; frame-src 'self' *.avvo.com *.bbb.org *.doubleclick.net *.facebook.com *.googletagmanager.com *.olark.com *.wp.com *.youtube.com akismet.com example.com *.issuu.com;"
	#common
	Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .avvo.com .bbb.org .facebook.net .google-analytics.com .google.com .googleadservices.com .googlesyndication.com .googletagmanager.com .gravatar.com .gstatic.com .newrelic.com .nr-data.net .olark.com .twitter.com .wp.com .youtube.com .ytimg.com .cloudflare.com .amazonaws.com .googleapis.com; style-src 'unsafe-inline' * data:; img-src * data:; font-src 'unsafe-inline' * data:; frame-src 'self' .avvo.com .bbb.org .doubleclick.net .facebook.com .googletagmanager.com .olark.com .wp.com .youtube.com akismet.com example.com; child-src 'self' .avvo.com .bbb.org .doubleclick.net .facebook.com .googletagmanager.com .olark.com .wp.com .youtube.com akismet.com example.com; object-src 'none'; connect-src 'self' .akismet.com .bbb.org .google.com .olark.com akismet.com;"
	#common+issuu
	Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .avvo.com .bbb.org .facebook.net .google-analytics.com .google.com .googleadservices.com .googlesyndication.com .googletagmanager.com .gravatar.com .gstatic.com .newrelic.com .nr-data.net .olark.com .twitter.com .wp.com .youtube.com .ytimg.com .cloudflare.com .amazonaws.com .googleapis.com .issuu.com; style-src data: 'unsafe-inline'; img-src * data:; font-src * data: 'unsafe-inline'; connect-src 'self' .akismet.com .bbb.org .google.com .olark.com akismet.com .issuu.com; object-src 'none'; child-src 'self' .avvo.com .bbb.org .doubleclick.net .facebook.com .googletagmanager.com .olark.com .wp.com .youtube.com akismet.com example.com .issuu.com; frame-src 'self' .avvo.com .bbb.org .doubleclick.net .facebook.com .googletagmanager.com .olark.com .wp.com .youtube.com akismet.com example.com *.issuu.com;"