diff --git a/config/seckit.settings.yml b/config/seckit.settings.yml index 400fe607..3ccc0c8b 100644 --- a/config/seckit.settings.yml +++ b/config/seckit.settings.yml @@ -13,7 +13,7 @@ seckit_xss: style-src: "'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://www.google.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net https://cdn-images.mailchimp.com" img-src: "'self' data: https://*" media-src: "'self' data:" - frame-src: "'self' https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://flo.uri.sh https://api.mapbox.com https://app.powerbi.com https://data.humdata.org https://drive.google.com calendar.google.com https://www.youtube.com https://datawrapper.dwcdn.net https://teamup.com https://lookerstudio.google.com https://experience.arcgis.com https://public.tableau.com https://rrmniger.azurewebsites.net/ *.unocha.org https://*.addevent.com https://cdn.knightlab.com https://dashboards.impact-initiatives.org https://docs.google.com https://e.infogram.com https://jmmi-northernsyria.shinyapps.io https://logie.logcluster.org https://m.facebook.com https://miro.com https://spxih.mjt.lu https://turkiyeeq.thedeep.io https://ukraine.servicesadvisor.net https://unhcr.carto.com https://www.arcgis.com https://www.facebook.com https://rwsupport.aidaform.com" + frame-src: "'self' https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://flo.uri.sh https://api.mapbox.com https://app.powerbi.com https://data.humdata.org https://drive.google.com calendar.google.com https://www.youtube.com https://datawrapper.dwcdn.net https://teamup.com https://lookerstudio.google.com https://experience.arcgis.com https://public.tableau.com https://rrmniger.azurewebsites.net/ *.unocha.org https://*.addevent.com https://cdn.knightlab.com https://dashboards.impact-initiatives.org https://docs.google.com https://e.infogram.com https://jmmi-northernsyria.shinyapps.io https://logie.logcluster.org https://m.facebook.com https://miro.com https://spxih.mjt.lu https://turkiyeeq.thedeep.io https://ukraine.servicesadvisor.net https://unhcr.carto.com https://www.arcgis.com https://www.facebook.com https://rwsupport.aidaform.com https://analytics.wfp.org" frame-ancestors: "'self'" child-src: "'self'" font-src: "'self' data: fonts.gstatic.com"