Merge pull request #448 from DIVD-NL/403-new-subsite-why-our-work-mat…

…ters

403 - Added cyberveilignederland to CSP

hugo.yaml

@@ -32,5 +32,5 @@ server:
         X-Frame-Options: "DENY"
         X-Content-Type-Options: "nosniff"
         X-XSS-Protection: "1; mode=block"
-        Content-Security-Policy: "default-src 'none'; frame-src https://form.jotform.com https://eu-submit.jotform.com https://divd.goatcounter.com/count; font-src 'self'; img-src 'self' data: https://cdn.theorg.com; script-src 'self' https://form.jotform.com https://unpkg.com/ https://gc.zgo.at; style-src 'self'; connect-src 'self' https://divd.goatcounter.com/count; base-uri 'self'; frame-ancestors 'self'; form-action 'self';"
+        Content-Security-Policy: "default-src 'none'; frame-src https://form.jotform.com https://eu-submit.jotform.com https://divd.goatcounter.com/count https://cyberveilignederland.nl/woordenboek.iframe; font-src 'self'; img-src 'self' data: https://cdn.theorg.com; script-src 'self' https://form.jotform.com https://unpkg.com/ https://gc.zgo.at; style-src 'self'; connect-src 'self' https://divd.goatcounter.com/count; base-uri 'self'; frame-ancestors 'self'; form-action 'self';"
         Referrer-Policy: "same-origin"

static/.htaccess

@@ -12,7 +12,7 @@ Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains
 Header always append X-Frame-Options DENY
 Header set X-Content-Type-Options nosniff
 Header set X-XSS-Protection "1; mode=block"
-Header set Content-Security-Policy "default-src 'none'; frame-src https://form.jotform.com https://eu-submit.jotform.com; font-src 'self'; img-src 'self' data: https://cdn.theorg.com https://divd.goatcounter.com/count; script-src 'self' https://form.jotform.com https://unpkg.com/ https://gc.zgo.at; style-src 'self'; connect-src 'self' https://divd.goatcounter.com/count; base-uri 'self'; frame-ancestors 'self'; form-action 'self';"
+Header set Content-Security-Policy "default-src 'none'; frame-src https://form.jotform.com https://eu-submit.jotform.com https://cyberveilignederland.nl/woordenboek.iframe; font-src 'self'; img-src 'self' data: https://cdn.theorg.com https://divd.goatcounter.com/count; script-src 'self' https://form.jotform.com https://unpkg.com/ https://gc.zgo.at; style-src 'self'; connect-src 'self' https://divd.goatcounter.com/count; base-uri 'self'; frame-ancestors 'self'; form-action 'self';"
 Header always set Referrer-Policy "same-origin"
 
 # Error document