fix: can't load external js because of Content Security Policy

2021-12-24 01:37:38 +08:00 · 2021-12-24 01:37:38 +08:00 · f62ff2d51f
commit f62ff2d51f
parent 903f2a2f8f
1 changed files with 2 additions and 1 deletions
--- a/next.config.js
+++ b/next.config.js
@ -5,12 +5,13 @@ const withBundleAnalyzer = require('@next/bundle-analyzer')({
 // You might need to insert additional domains in script-src if you are using external services
 const ContentSecurityPolicy = `
  default-src 'self';
-  script-src 'self' 'unsafe-eval' 'unsafe-inline';
+  script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app;
  style-src 'self' 'unsafe-inline' *.googleapis.com cdn.jsdelivr.net;
  img-src * blob: data:;
  media-src 'none';
  connect-src *;
  font-src 'self' fonts.gstatic.com cdn.jsdelivr.net;
+  frame-src giscus.app
 `

 const securityHeaders = [