Add manifest-src to CSP to fix browser complaints (!30) · Merge requests · Shivering-Isles / Blog

Sheogorath requested to merge fix/manifest-src into deploy Jun 20, 2020

As the default-src is set to 'none', currently browsers that support CSPv3 will block requests to the favicon manifest. This patch should fix this error by adding a proper definition for the manifest-src and this way solve the issue the browser has with the current CSP.

References: https://content-security-policy.com/ https://www.w3.org/TR/CSP3/#changes-from-level-2 https://www.w3.org/TR/CSP3/#directive-manifest-src

Add manifest-src to CSP to fix browser complaints

Merge request reports