Updating CSP

Author: alex72508

customHttp.yml

@@ -0,0 +1,98 @@
+customHeaders:
+  - pattern: '**'
+    headers:
+      - key: Content-Security-Policy
+        value: >-
+          default-src 'self' *.kinde.com; style-src 'self' 'unsafe-inline'
+          https://fonts.googleapis.com; frame-src
+          https://www.youtube-nocookie.com; child-src 'self';          
+          connect-src 'self' wss: https://api.management.inkeep.com
+          https://api.inkeep.com wss://api.inkeep.com https://api.hsforms.com
+          https://app.kinde.com https://kinde.com
+          https://kinde-api-docs-proxy.pages.dev https://analytics.usehall.com;
+          base-uri 'none'; font-src 'self' https://fonts.gstatic.com; img-src
+          'self' data: https://storage.googleapis.com https://imagedelivery.net
+          https://customer-xcbruusbiervz265.cloudflarestream.com
+          https://i.ytimg.com; media-src 'self'
+          https://customer-xcbruusbiervz265.cloudflarestream.com
+          https://i.ytimg.com https://youtu.be/; object-src 'none'; script-src
+          'sha256-VWo5Wp4aqSj6nSgMpeAp9cKieaoIfwFUAunAVugI5gA='
+          'sha256-eK6QBCH4drFoAQ8lFmi8o+7E/BwUpsqxcKBWZLSLyQo='
+          'sha256-PZCCLkzL9YCPjPgDH+KCBqA5VGDSCl9hubk14XqtMDY='
+          'sha256-2ma4o2Cv6q4Gj4eaxcbF8oY4OeIhiQQOGtYSd0zPC54='
+          'sha256-vP2DH/6pwlkOUjRloJ8ouqT7+/hUWEfqGrVgpBCYZTY='
+          'sha256-7n2zsJJ3OJy+03M/bndAOZH82OfuWMOnTx7T5reXUNY='
+          'sha256-Dj1JkgKCKMnQDGwFFwK3fesfw6AphGoKdgFv8R+Clu8='
+          'sha256-vbaadsa0qzKoxZNpwdU1krTlwCZ2GP0oz87sB1yF/6A='
+          'sha256-9YPKRPlDWSzDLTFd2ymgbR36hwtVSzb6TjfD00W5B3Y='
+          'sha256-ObSuLiX0+YiHciysWgD+navQS8F/Zw6MC2IrUXJpX5Q='
+          'sha256-VTPkflC5B5I/pI+/Q1cnJXif3W+asZRxhYQMwcr5c+0='
+          'sha256-z/4EgkrJk25Kl8I32jIE2nzzxwYPdzJ3rWRiQXrBsAs='
+          'sha256-rB9PWqOIDhTIEbtgV8wtIrUUMA+3cgqJjmr3TY9YCmM='
+          'sha256-Vii9e1JkzzWVI6DO0DGPlt+/UCyIQiJCZx6wVEuRWr0='
+          'sha256-szfLSGiNWrV5m1Nr+g2tzKVstrJxYDPK80xA6gn8sT0='
+          'sha256-w+FQAT20sk+2ucj42Wx5kr5y8ZAHpGZ+K/rfwCpAbLk='
+          'sha256-Qq4OPQ+mXDUolHmDtKWI/MYiilwUfL2YOMB7ldWAks0='
+          'sha256-SqEUaXvSeIzI16ZQV3Hc1h/Cuzk+56GmyxQ3W+x5zZg='
+          'sha256-5B8s3UGlWDFU9tzM4DGDA4dD1sOV3kb/1TSOpfTuEvo='
+          'sha256-ksuAFu7Hd775nzkr+SiQFnrrgkdZXsZuPdyVrecDp/4='
+          'sha256-wX2yOADeV+NMngflD5uYi3vl50SHC4sfM1EmylVjlX4='
+          'sha256-7eCV4jtsr4t4knb3c4FCRPeu7GGZeOUGE3XvWix0XOQ='
+          'sha256-OizSKqsU+f0G4vojbxNt0Lao3kUpTmCLQSv3y6P7qhQ='
+          'sha256-ZOND5PirXJ/KGOiJVbRQAIskp9o83/I3ySoXkGfvuec='
+          'sha256-vRP3yttWg1O/UPabV81Vjc2PIQisZEhROAiBTgxXmbM='
+          'sha256-7HDSC8Js7nXYmgQNmtKTPjD+zSyeejuBySTNLmNHBEA='
+          'sha256-8JLcQFZQruxl3jMUwogr3y5/GMmZPAc+j2mNi7gywmw='
+          'sha256-w78n7W12c94ck4KhBCBA4NrjqkbDvSutqee+u+no0Tg='
+          'sha256-/4BQzbQ0kgR1l13wtSM3rZ7nSvyV3PX/ShEfhZA1WoQ='
+          'sha256-zB5rUhTjHzt+r/RjhhI8CyMb5Y63k+J7ICVfQ7iHJqA='
+          'sha256-fFmtUWM/kGeUru+1rcCArLmnXKoEjis5I/dYQkZA+HM='
+          'sha256-13ENHEoc4foVPMgYwApSstLrIGX/6Y5xvroD2DkDFcE=' 'self'
+          widgets.kinde.com kinde.com
+          https://cdn.jsdelivr.net/npm/@scalar/[email protected]/dist/browser/standalone.min.js
+      - key: Strict-Transport-Security
+        value: max-age=31536000; includeSubDomains; preload
+      - key: X-Frame-Options
+        value: SAMEORIGIN
+      - key: X-XSS-Protection
+        value: 1; mode=block
+      - key: X-Content-Type-Options
+        value: nosniff
+      - key: Referrer-Policy
+        value: strict-origin-when-cross-origin
+      - key: Permissions-Policy
+        value: >-
+          geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(),
+          magnetometer=(), gyroscope=(), fullscreen=self, payment=()
+  - pattern: '**/*'
+    headers:
+      - key: Cache-Control
+        value: max-age=3600
+  - pattern: /kinde-apis/management/*
+    headers:
+      - key: Content-Security-Policy
+        value: >-
+          default-src 'self' *.kinde.com;  style-src 'self' 'unsafe-inline'
+          https://fonts.googleapis.com;  frame-ancestors 'none';  script-src
+          https://cdn.jsdelivr.net/npm/@scalar/[email protected]/dist/browser/standalone.min.js
+          'unsafe-inline' 'self' widgets.kinde.com kinde.com;  font-src
+          https://fonts.scalar.com 'self' https://fonts.gstatic.com; connect-src
+          'self' wss: https://api.management.inkeep.com https://api.inkeep.com
+          wss://api.inkeep.com https://api.hsforms.com https://app.kinde.com
+          https://kinde.com https://api-spec.kinde.com
+          https://kinde-api-docs-proxy.pages.dev https://analytics.usehall.com;
+          img-src https://storage.googleapis.com
+  - pattern: /kinde-apis/frontend/*
+    headers:
+      - key: Content-Security-Policy
+        value: >-
+          default-src 'self' *.kinde.com;  style-src 'self' 'unsafe-inline'
+          https://fonts.googleapis.com;  frame-ancestors 'none';  script-src
+          https://cdn.jsdelivr.net/npm/@scalar/[email protected]/dist/browser/standalone.min.js
+          'unsafe-inline' 'self' widgets.kinde.com kinde.com;  font-src
+          https://fonts.scalar.com 'self' https://fonts.gstatic.com; connect-src
+          'self' wss: https://api.management.inkeep.com https://api.inkeep.com
+          wss://api.inkeep.com https://api.hsforms.com https://app.kinde.com
+          https://kinde.com https://api-spec.kinde.com
+          https://kinde-api-docs-proxy.pages.dev https://analytics.usehall.com;
+          img-src https://storage.googleapis.com