@ -11,7 +11,7 @@ const ContentSecurityPolicy = `
style-src 'self' https://rsms.me 'unsafe-inline';
child-src https://api.stripe.com;
frame-src https://js.stripe.com/ https://api.stripe.com https://www.youtube.com/;
connect-src 'self' wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io https://api.heroku.com/ https://id.heroku.com/oauth/authorize https://id.heroku.com/oauth/token https://checkout.stripe.com https://app.posthog.com https://api.stripe.com https://api.pwnedpasswords.com http://localhost:*;
connect-src 'self' wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io https://api.heroku.com/ https://id.heroku.com/oauth/authorize https://id.heroku.com/oauth/token https://checkout.stripe.com https://app.posthog.com https://api.stripe.com https://api.pwnedpasswords.com http://127.0.0.1:*;
img-src 'self' https://static.intercomassets.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://*.stripe.com https://i.ytimg.com/ data:;
media-src https://js.intercomcdn.com;
font-src 'self' https://fonts.intercomcdn.com/ https://maxcdn.bootstrapcdn.com https://rsms.me https://fonts.gstatic.com;
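Review bot: The `connect-src` line still ends in a plain-HTTP loopback source with a wildcard port (`http://127.0.0.1:*`, presumably the new side, replacing `http://localhost:*`), and nothing visible in the hunk limits it to development builds. If this policy string is also served in production, any script running on the page is allowed to make requests to services listening on the visitor's own machine, which is exactly what `connect-src` should be restricting. I would interpolate the loopback source only in development, for example ending the directive with `${process.env.NODE_ENV === 'development' ? 'http://127.0.0.1:*' : ''};`, and add a comment naming the local service that needs it. CSP host sources are matched literally, so code that still requests `http://localhost:<port>` will now be blocked; confirm that every local client URL was switched to `127.0.0.1`. The template literal starts and ends outside the hunk, so how the policy is applied cannot be seen from here.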