Update Content-Security-Policy in vercel.json

Added 'unsafe-eval' to the script-src directive in Content-Security-Policy header. This allows the use of eval() and similar methods for JavaScript within the project's scope. However, be aware that this might increase the risk of cross-site scripting attacks.
2024-03-20 08:52:21 +04:00 · 2024-03-20 08:52:21 +04:00 · f98deb7535
commit f98deb7535
parent 1e171a0995
1 changed files with 1 additions and 1 deletions
--- a/vercel.json
+++ b/vercel.json
@ -5,7 +5,7 @@
        "headers": [
          {
            "key": "Content-Security-Policy",
-            "value": "default-src 'self'; base-uri 'self'; form-action 'self'; frame-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://images.unsplash.com; connect-src 'self'; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content"
+            "value": "default-src 'self'; base-uri 'self'; form-action 'self'; frame-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://images.unsplash.com; connect-src 'self'; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content"
          },
          {
            "key": "Permissions-Policy",