Closed jonaharagon closed 1 year ago
The CSP needs to be changed to:
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src data: https://discuss.techlore.tech 'self'; connect-src https://*.techlore.tech https://raw.githubusercontent.com 'self'; frame-src https://www.youtube-nocookie.com https://*.techlore.tech; frame-ancestors 'self'; manifest-src 'self';
The permissions policy header is completely invalid and should be set to:
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=()
The CSP needs to be changed to:
The permissions policy header is completely invalid and should be set to: