From: unlishema
Date: Sat, 23 Nov 2024 09:40:52 +0000 (-0500)
Subject: Adjusted CSP
X-Git-Url: https://git.slayer.unlishema.org/?a=commitdiff_plain;h=8318972f6326e4f54776e0b1ee94493263916e25;p=slayer.unlishema.org%2F.git
Adjusted CSP
---
diff --git a/dist/.htaccess b/dist/.htaccess
index f2b39dc..1465ae0 100644
--- a/dist/.htaccess
+++ b/dist/.htaccess
@@ -17,14 +17,13 @@ ErrorDocument 502 /pages/error.html?code=502
 ErrorDocument 503 /pages/error.html?code=503
 ErrorDocument 504 /pages/error.html?code=504
-# Security Headers
+# Security Headers for slayer.unlishema.org
 Header set X-Content-Type-Options "nosniff"
 Header set X-XSS-Protection "1; mode=block"
- Header set X-Frame-Options "SAMEORIGIN"
 Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
 Header set Referrer-Policy "strict-origin-when-cross-origin"
- Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'"
+ Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors https://unlishema.org https://*.unlishema.org"
 Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
diff --git a/dist/pages/data/version.json b/dist/pages/data/version.json
index e8918ee..e556d5f 100644
--- a/dist/pages/data/version.json
+++ b/dist/pages/data/version.json
@@ -1,3 +1,3 @@
 {
- "version": "0.0.27"
+ "version": "0.0.28"
 }
\ No newline at end of file
diff --git a/src/.htaccess b/src/.htaccess
index f2b39dc..1465ae0 100644
--- a/src/.htaccess
+++ b/src/.htaccess
@@ -17,14 +17,13 @@ ErrorDocument 502 /pages/error.html?code=502
 ErrorDocument 503 /pages/error.html?code=503
 ErrorDocument 504 /pages/error.html?code=504
-# Security Headers
+# Security Headers for slayer.unlishema.org
 Header set X-Content-Type-Options "nosniff"
 Header set X-XSS-Protection "1; mode=block"
- Header set X-Frame-Options "SAMEORIGIN"
 Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
 Header set Referrer-Policy "strict-origin-when-cross-origin"
- Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'"
+ Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors https://unlishema.org https://*.unlishema.org"
 Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
diff --git a/src/pages/data/version.json b/src/pages/data/version.json
index e8918ee..e556d5f 100644
--- a/src/pages/data/version.json
+++ b/src/pages/data/version.json
@@ -1,3 +1,3 @@
 {
- "version": "0.0.27"
+ "version": "0.0.28"
 }
\ No newline at end of file
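Review bot: The new `frame-ancestors https://unlishema.org https://*.unlishema.org` in the src/.htaccess hunk lets every subdomain frame this site, and with `X-Frame-Options` removed in the same hunk there is no narrower fallback for browsers that ignore the directive. The clickjacking boundary is then only as strong as the least-trusted host under unlishema.org, such as one serving user content or one left behind by a stale DNS record. If only specific hosts embed the app, name them instead of the wildcard, e.g. `frame-ancestors 'self' https://unlishema.org`, and add a comment above the header saying which pages are expected to frame it. The same line still carries `script-src 'self' 'unsafe-inline'`, which leaves the policy unable to block injected inline script and is worth a follow-up. The identical hunk in dist/.htaccess has the same issue.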