export default {
// hardening
"base-uri": ["'self'", "https://kestra.io"],
"object-src": ["'none'"],
"script-src-attr": ["'unsafe-inline'"],
"default-src": [
"'self'",
"https://*.cr-relay.com",
"https://*.kestra-io.pages.dev",
"https://kestra.io",
],
// scripts
"script-src": [
"'self'",
"'wasm-unsafe-eval'",
"'unsafe-inline'",
"ajax.cloudflare.com",
"static.cloudflareinsights.com",
"https://*.cr-relay.com",
"https://*.kestra-io.pages.dev",
"https://*.hs-analytics.net",
"https://*.hs-banner.com",
"https://*.hs-scripts.com",
"https://*.hsadspixel.net",
"https://*.hubspot.com",
"https://kestra.io",
"https://*.kestra.io",
"https://*.licdn.com",
"https://*.googletagmanager.com",
"https://*.redditstatic.com",
"https://*.hs-scripts.com",
"https://*.hsforms.net",
"https://*.hsappstatic.net",
"https://www.google.com/recaptcha/",
"https://www.gstatic.com/recaptcha/",
"https://jobs.ashbyhq.com/",
],
// styles & fonts
"style-src": ["'self'", "https:", "'unsafe-inline'"],
"font-src": ["'self'", "https:", "data:"],
// images
"img-src": [
"'self'",
"data:",
"blob:",
"https://*.google.fr",
"https://*.google.com",
"https://*.linkedin.com",
"https://*.ads.linkedin.com",
"https://*.reddit.com",
"https://*.hubspot.com",
"https://*.hsforms.com",
"https://*.googleapis.com",
"https://*.ytimg.com",
"https://*.googletagmanager.com",
"https://*.githubusercontent.com/",
],
// forms
"form-action": ["'self'", "https://*.hsforms.com", "https://*.hsforms.net"],
// iframes
"frame-src": [
"'self'",
"data:",
"https://*.google.com",
"https://*.youtube.com",
"https://*.googletagmanager.com",
"https://*.kestra.io/",
"https://*.arcade.software",
"https://*.hubspot.com",
"https://*.hsforms.com",
"https://*.hsforms.net",
"http://*.hsforms.net",
"https://jobs.ashbyhq.com/",
],
"connect-src": [
"'self'",
"cloudflareinsights.com",
"ws://localhost:4000",
"https://kestra.io",
"https://*.kestra.io",
"https://*.google.com",
"https://*.reddit.com",
"https://*.redditstatic.com",
"https://*.hubspot.com",
"https://*.hubapi.com",
"https://*.cr-relay.com",
"https://*.ads.linkedin.com",
"https://*.hsappstatic.net",
"https://unpkg.com",
"https://*.jsdelivr.net",
"https://*.hs-scripts.com",
"https://*.hsforms.net",
"https://*.hsforms.com",
"https://*.s3.amazonaws.com",
"https://*.g.doubleclick.net",
"https://*.g.doubleclick.com",
"https://*.ipify.org",
"https://*.github.com",
"https://jobs.ashbyhq.com/",
],
// workers
"worker-src": ["'self'", "blob:"],
// mixed content
"upgrade-insecure-requests": true,
}