Added CSP rules for tldraw-client
default-src 'self' - Specifies the default source for content not explicitly specified by other directives
script-src 'self' - 'nonce-$request_id' and 'strict-dynamic'
style-src 'self' 'unsafe-inline' - Specifies valid sources for stylesheets
img-src 'self' data: - Defines valid sources for images. It allows images from the same origin ('self'),
font-src 'self' data: - Specifies valid sources for fonts
frame-src 'self' - Defines valid sources for embedding frames (for future)
object-src 'none' - Specifies valid sources for embedded objects
base-uri 'self' - Defines a set of allowed URLs which can be used in the src attribute of an HTML base tag
Description
Links to Tickets or other pull requests
Changes
Datasecurity
Deployment
New Repos, NPM packages or vendor scripts
Screenshots of UI changes
Approval for review
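
The directive list in this pull request, assembled into a single Content-Security-Policy header value and checked, as an added example that is not code from the pull request or the project. The function names and the sample request id are assumptions; source keywords are written in header syntax ('unsafe-inline', data:), and the nonce is passed in because the description takes it from $request_id.

```javascript
// Added example: function names are hypothetical, not from the tldraw-client PR.
// Directives as listed in the PR description; NONCE is replaced per response.
const DIRECTIVES = {
  "default-src": ["'self'"],
  "script-src": ["'self'", "'nonce-NONCE'", "'strict-dynamic'"],
  "style-src": ["'self'", "'unsafe-inline'"],
  "img-src": ["'self'", "data:"],
  "font-src": ["'self'", "data:"],
  "frame-src": ["'self'"],
  "object-src": ["'none'"],
  "base-uri": ["'self'"],
};

// Build the header value for one response; the nonce must differ per response.
function buildCsp(nonce) {
  return Object.entries(DIRECTIVES)
    .map(([name, srcs]) => `${name} ${srcs.join(" ").replace("NONCE", nonce)}`)
    .join("; ");
}

// Parse a header value into { directive: [sources] }; first occurrence wins.
function parseCsp(header) {
  const out = {};
  for (const part of header.split(";")) {
    const [name, ...srcs] = part.trim().split(/\s+/);
    const key = (name || "").toLowerCase();
    if (key && !(key in out)) out[key] = srcs;
  }
  return out;
}

// Return review notes for the points a reader of this policy should know.
function review(header) {
  const p = parseCsp(header);
  const notes = [];
  const script = p["script-src"] || p["default-src"] || [];
  if (!script.some((s) => /^'nonce-[A-Za-z0-9+/_-]+={0,2}'$/.test(s)))
    notes.push("script-src: no well-formed nonce source");
  if (script.includes("'strict-dynamic'") && script.includes("'self'"))
    notes.push("script-src: 'self' is ignored where 'strict-dynamic' is supported");
  if ((p["style-src"] || []).includes("'unsafe-inline'"))
    notes.push("style-src: inline styles are allowed");
  return notes;
}

// Constructed sample id in the 32-hex-character shape of nginx's $request_id.
const SAMPLE_ID = "0123456789abcdef0123456789abcdef";
console.log(buildCsp(SAMPLE_ID));
console.log(review(buildCsp(SAMPLE_ID)));
```
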