Adjusted CSP

diff --git a/dist/.htaccess b/dist/.htaccess
index f2b39dcff24e066f85a32403e1204c9a4a37b0e9..1465ae0999ded344d0123d503f089b5d7e128043 100644 (file)
--- a/dist/.htaccess
+++ b/dist/.htaccess
@@ -17,14 +17,13 @@ ErrorDocument 502 /pages/error.html?code=502
 ErrorDocument 503 /pages/error.html?code=503
 ErrorDocument 504 /pages/error.html?code=504
 
-# Security Headers
+# Security Headers for slayer.unlishema.org
 <IfModule mod_headers.c>
     Header set X-Content-Type-Options "nosniff"
     Header set X-XSS-Protection "1; mode=block"
-    Header set X-Frame-Options "SAMEORIGIN"
     Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
     Header set Referrer-Policy "strict-origin-when-cross-origin"
-    Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'"
+    Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors https://unlishema.org https://*.unlishema.org"
     Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
 </IfModule>
 

diff --git a/dist/pages/data/version.json b/dist/pages/data/version.json
index e8918ee394c0606890e0413e7e71379f8dfbce4e..e556d5ff65981b456dd44add1690bff5684e7829 100644 (file)
--- a/dist/pages/data/version.json
+++ b/dist/pages/data/version.json
@@ -1,3 +1,3 @@
 {
-  "version": "0.0.27"
+  "version": "0.0.28"
 }
\ No newline at end of file

diff --git a/src/.htaccess b/src/.htaccess
index f2b39dcff24e066f85a32403e1204c9a4a37b0e9..1465ae0999ded344d0123d503f089b5d7e128043 100644 (file)
--- a/src/.htaccess
+++ b/src/.htaccess
@@ -17,14 +17,13 @@ ErrorDocument 502 /pages/error.html?code=502
 ErrorDocument 503 /pages/error.html?code=503
 ErrorDocument 504 /pages/error.html?code=504
 
-# Security Headers
+# Security Headers for slayer.unlishema.org
 <IfModule mod_headers.c>
     Header set X-Content-Type-Options "nosniff"
     Header set X-XSS-Protection "1; mode=block"
-    Header set X-Frame-Options "SAMEORIGIN"
     Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
     Header set Referrer-Policy "strict-origin-when-cross-origin"
-    Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'"
+    Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors https://unlishema.org https://*.unlishema.org"
     Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
 </IfModule>
 

diff --git a/src/pages/data/version.json b/src/pages/data/version.json
index e8918ee394c0606890e0413e7e71379f8dfbce4e..e556d5ff65981b456dd44add1690bff5684e7829 100644 (file)
--- a/src/pages/data/version.json
+++ b/src/pages/data/version.json
@@ -1,3 +1,3 @@
 {
-  "version": "0.0.27"
+  "version": "0.0.28"
 }
\ No newline at end of file