upstream #1
@ -16,7 +16,7 @@ const Disqus = ({ frontMatter }) => {
|
|||||||
}
|
}
|
||||||
if (window.DISQUS === undefined) {
|
if (window.DISQUS === undefined) {
|
||||||
const script = document.createElement('script')
|
const script = document.createElement('script')
|
||||||
script.src = 'https://' + siteMetadata.comment.disqus.shortname + '.disqus.com/embed.js'
|
script.src = 'https://' + siteMetadata.comment.disqusConfig.shortname + '.disqus.com/embed.js'
|
||||||
script.setAttribute('data-timestamp', +new Date())
|
script.setAttribute('data-timestamp', +new Date())
|
||||||
script.setAttribute('crossorigin', 'anonymous')
|
script.setAttribute('crossorigin', 'anonymous')
|
||||||
script.async = true
|
script.async = true
|
||||||
|
|||||||
@ -5,12 +5,13 @@ const withBundleAnalyzer = require('@next/bundle-analyzer')({
|
|||||||
// You might need to insert additional domains in script-src if you are using external services
|
// You might need to insert additional domains in script-src if you are using external services
|
||||||
const ContentSecurityPolicy = `
|
const ContentSecurityPolicy = `
|
||||||
default-src 'self';
|
default-src 'self';
|
||||||
script-src 'self' 'unsafe-eval' 'unsafe-inline';
|
script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app;
|
||||||
style-src 'self' 'unsafe-inline' *.googleapis.com cdn.jsdelivr.net;
|
style-src 'self' 'unsafe-inline' *.googleapis.com cdn.jsdelivr.net;
|
||||||
img-src * blob: data:;
|
img-src * blob: data:;
|
||||||
media-src 'none';
|
media-src 'none';
|
||||||
connect-src *;
|
connect-src *;
|
||||||
font-src 'self' fonts.gstatic.com cdn.jsdelivr.net;
|
font-src 'self' fonts.gstatic.com cdn.jsdelivr.net;
|
||||||
|
frame-src giscus.app
|
||||||
`
|
`
|
||||||
|
|
||||||
const securityHeaders = [
|
const securityHeaders = [
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user