From fbd1b1f1fd8566c293fed8d909802f91e89b5309 Mon Sep 17 00:00:00 2001 From: Nicolas DUBIEN Date: Sun, 1 Dec 2024 11:03:16 +0100 Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=94=A7=20Allow=20Bluesky=20calls=20fr?= =?UTF-8?q?om=20the=20blog?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/build-status.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build-status.yml b/.github/workflows/build-status.yml index e95cbed87e6..9ff3dcfa58b 100644 --- a/.github/workflows/build-status.yml +++ b/.github/workflows/build-status.yml @@ -546,8 +546,7 @@ jobs: - name: Configure custom headers run: | echo "/*" > artifacts/_headers - echo " Content-Security-Policy: default-src 'none'; img-src 'self' data: badge.fury.io *.cloudfront.net img.shields.io raw.githubusercontent.com www.netlify.com api.securityscorecards.dev bestpractices.coreinfrastructure.org www.bestpractices.dev;connect-src *.algolia.net *.algolianet.com;script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-src *.codesandbox.io www.youtube-nocookie.com; style-src 'self' 'unsafe-inline'; manifest-src 'self'; base-uri fast-check.dev;" >> artifacts/_headers - echo "/api-reference/*" >> artifacts/_headers + echo " Content-Security-Policy: default-src 'none'; img-src 'self' data: badge.fury.io *.cloudfront.net img.shields.io raw.githubusercontent.com www.netlify.com api.securityscorecards.dev bestpractices.coreinfrastructure.org www.bestpractices.dev;connect-src *.algolia.net *.algolianet.com *.api.bsky.app;script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-src *.codesandbox.io www.youtube-nocookie.com; style-src 'self' 'unsafe-inline'; manifest-src 'self'; base-uri fast-check.dev;" >> artifacts/_headers echo "/api-reference/*" >> artifacts/_headers echo " Content-Security-Policy: default-src 'none'; img-src 'self' data:; connect-src data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';" >> artifacts/_headers - name: Compress documentation artifacts as zip run: zip -r artifacts.zip artifacts From bde28ff327ab9536387143802301d0c03d8e37c1 Mon Sep 17 00:00:00 2001 From: Nicolas DUBIEN Date: Sun, 1 Dec 2024 11:04:09 +0100 Subject: [PATCH 2/2] Update build-status.yml --- .github/workflows/build-status.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-status.yml b/.github/workflows/build-status.yml index 9ff3dcfa58b..b1cc057228e 100644 --- a/.github/workflows/build-status.yml +++ b/.github/workflows/build-status.yml @@ -546,7 +546,8 @@ jobs: - name: Configure custom headers run: | echo "/*" > artifacts/_headers - echo " Content-Security-Policy: default-src 'none'; img-src 'self' data: badge.fury.io *.cloudfront.net img.shields.io raw.githubusercontent.com www.netlify.com api.securityscorecards.dev bestpractices.coreinfrastructure.org www.bestpractices.dev;connect-src *.algolia.net *.algolianet.com *.api.bsky.app;script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-src *.codesandbox.io www.youtube-nocookie.com; style-src 'self' 'unsafe-inline'; manifest-src 'self'; base-uri fast-check.dev;" >> artifacts/_headers echo "/api-reference/*" >> artifacts/_headers + echo " Content-Security-Policy: default-src 'none'; img-src 'self' data: badge.fury.io *.cloudfront.net img.shields.io raw.githubusercontent.com www.netlify.com api.securityscorecards.dev bestpractices.coreinfrastructure.org www.bestpractices.dev;connect-src *.algolia.net *.algolianet.com *.api.bsky.app;script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-src *.codesandbox.io www.youtube-nocookie.com; style-src 'self' 'unsafe-inline'; manifest-src 'self'; base-uri fast-check.dev;" >> artifacts/_headers + echo "/api-reference/*" >> artifacts/_headers echo " Content-Security-Policy: default-src 'none'; img-src 'self' data:; connect-src data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';" >> artifacts/_headers - name: Compress documentation artifacts as zip run: zip -r artifacts.zip artifacts