diff options
| author | Andrew Bonventre <andybons@google.com> | 2020-04-29 17:28:31 -0400 |
|---|---|---|
| committer | Andrew Bonventre <andybons@google.com> | 2020-04-29 17:28:31 -0400 |
| commit | 9162f2b15cd77907141dbe36736ebdfd8050260a (patch) | |
| tree | 497ade23e541a20fec74ac3057f349e82a972ce7 /go.dev | |
| parent | 3f3fab938104248b47a1e853482e24402aa627eb (diff) | |
| download | go-x-website-9162f2b15cd77907141dbe36736ebdfd8050260a.tar.xz | |
[x/go.dev] all: update CSP headers to allow Google Tag Manager
Updates b/154628605
Change-Id: Ia32fde833b0ed1b9988e5c6b4da18598e0881fe2
X-GoDev-Commit: d4ee22cdb0a72c70bb505323bea6ae560c2fef6e
Diffstat (limited to 'go.dev')
| -rw-r--r-- | go.dev/app.learn.yaml | 8 | ||||
| -rw-r--r-- | go.dev/app.yaml | 8 |
2 files changed, 8 insertions, 8 deletions
diff --git a/go.dev/app.learn.yaml b/go.dev/app.learn.yaml index 82606aba..0f917801 100644 --- a/go.dev/app.learn.yaml +++ b/go.dev/app.learn.yaml @@ -7,7 +7,7 @@ handlers: static_files: public/learn/index.html upload: public/learn/index.html http_headers: - Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com; img-src 'self' data: *; object-src 'none'; script-src 'self' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" + Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" - url: /(explore|learn) secure: always @@ -24,21 +24,21 @@ handlers: static_files: public/\1.\2 upload: public/(.*) http_headers: - Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com; img-src 'self' data: *; object-src 'none'; script-src 'self' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" + Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" # Handle arbitrary paths with an index.html, special casing the trailing slash. - url: /(.*)/ static_files: public/learn/\1/index.html upload: public/learn/(.*)/index.html http_headers: - Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com; img-src 'self' data: *; object-src 'none'; script-src 'self' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" + Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" # Handle arbitrary paths with an index.html - url: /(.*) static_files: public/learn/\1/index.html upload: public/learn/(.*)/index.html http_headers: - Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com; img-src 'self' data: *; object-src 'none'; script-src 'self' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" + Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" - url: /.* secure: always diff --git a/go.dev/app.yaml b/go.dev/app.yaml index f4daff01..92b3748b 100644 --- a/go.dev/app.yaml +++ b/go.dev/app.yaml @@ -7,7 +7,7 @@ handlers: static_files: public/index.html upload: public/index.html http_headers: - Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com; img-src 'self' data: *; object-src 'none'; script-src 'self' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" + Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" - url: /(explore|learn) secure: always @@ -24,21 +24,21 @@ handlers: static_files: public/\1.\2 upload: public/(.*) http_headers: - Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com; img-src 'self' data: *; object-src 'none'; script-src 'self' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" + Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" # Handle arbitrary paths with an index.html, special casing the trailing slash. - url: /(.*)/ static_files: public/\1/index.html upload: public/(.*)/index.html http_headers: - Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com; img-src 'self' data: *; object-src 'none'; script-src 'self' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" + Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" # Handle arbitrary paths with an index.html - url: /(.*) static_files: public/\1/index.html upload: public/(.*)/index.html http_headers: - Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com; img-src 'self' data: *; object-src 'none'; script-src 'self' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" + Content-Security-Policy: "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'none'" - url: /.* secure: always |