From cd647079083b23c7680b77b30386a83f9dca944e Mon Sep 17 00:00:00 2001 From: Alexander Tarasov Date: Mon, 31 Jul 2023 19:16:48 +0200 Subject: [PATCH] CSP: allow iframes of `demo.arcade.software` (#7439) --- vercel.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vercel.json b/vercel.json index 3e1d2f8f33048..bf1b286774807 100644 --- a/vercel.json +++ b/vercel.json @@ -17,7 +17,7 @@ }, { "key": "Content-Security-Policy", - "value": "upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sentry-cdn.com googleads.g.doubleclick.net m.servedby-buysellads.com www.googletagmanager.com plausible.io *.plausible.io; connect-src 'self' *.sentry.io sentry.io adservice.google.com *.algolia.net *.algolianet.com *.algolia.io plausible.io *.plausible.io reload.getsentry.net stats.g.doubleclick.net vitals.vercel-analytics.com; img-src * 'self' data: www.google.com img.youtube.com www.googletagmanager.com plausible.io *.plausible.io; style-src 'self' 'unsafe-inline'; font-src 'self' fonts.gstatic.com; frame-src player.vimeo.com; worker-src blob:; report-uri https://o1.ingest.sentry.io/api/1297620/security/?sentry_key=b3cfba5788cb4c138f855c8120f70eab" + "value": "upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sentry-cdn.com googleads.g.doubleclick.net m.servedby-buysellads.com www.googletagmanager.com plausible.io *.plausible.io; connect-src 'self' *.sentry.io sentry.io adservice.google.com *.algolia.net *.algolianet.com *.algolia.io plausible.io *.plausible.io reload.getsentry.net stats.g.doubleclick.net vitals.vercel-analytics.com; img-src * 'self' data: www.google.com img.youtube.com www.googletagmanager.com plausible.io *.plausible.io; style-src 'self' 'unsafe-inline'; font-src 'self' fonts.gstatic.com; frame-src demo.arcade.software player.vimeo.com; worker-src blob:; report-uri https://o1.ingest.sentry.io/api/1297620/security/?sentry_key=b3cfba5788cb4c138f855c8120f70eab" } ] }