Skip to content

Commit

Permalink
Allow data: URLs for CSP font-src
Browse files Browse the repository at this point in the history
  • Loading branch information
@mjradwin
mjradwin committed Sep 11, 2024
1 parent 5f4ff40 commit 4a0d0da
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
8 changes: 4 additions & 4 deletions package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,18 +55,18 @@
"@hebcal/locales": "^5.0.1",
"@hebcal/rest-api": "^5.1.2",
"@hebcal/triennial": "^5.1.2",
"better-sqlite3": "^11.2.1",
"better-sqlite3": "^11.3.0",
"dayjs": "^1.11.13",
"ejs": "^3.1.10",
"emoji-flag": "^1.1.0",
"etag": "^1.8.1",
"fastest-levenshtein": "^1.0.16",
"geo-tz": "^8.0.2",
"geo-tz": "^8.1.1",
"geolite2-redist": "^3.1.1",
"google-protobuf": "^3.21.4",
"haversine": "^1.1.1",
"http-errors": "^2.0.0",
"ini": "^4.1.3",
"ini": "^5.0.0",
"koa": "^2.15.3",
"koa-better-response-time": "^1.2.0",
"koa-bodyparser": "^4.4.1",
Expand All @@ -79,7 +79,7 @@
"koa-timeout-v2": "^1.0.0",
"maxmind": "^4.3.21",
"murmurhash3": "^0.5.0",
"mysql2": "^3.11.0",
"mysql2": "^3.11.1",
"nodemailer": "^6.9.15",
"nodemailer-html-to-text": "^3.2.0",
"pdfkit": "^0.15.0",
Expand Down
2 changes: 1 addition & 1 deletion src/app-www.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,7 @@ app.use(async function strictContentSecurityPolicy(ctx, next) {
` frame-ancestors https: data:;` +
` frame-src https: data:;` +
` img-src 'self' https: data:;` +
` font-src 'self' https://fonts.gstatic.com/;` +
` font-src 'self' data: https://fonts.gstatic.com/;` +
` object-src 'none';` +
` base-uri 'none'`;
ctx.set('Content-Security-Policy', csp);
Expand Down

0 comments on commit 4a0d0da

Please sign in to comment.