remove deprecated widget

ethanpalm · ethanpalm · commit 65c2e260ba34 · 2025-09-11T11:20:19.000-07:00
diff --git a/guides/csp-configuration.mdx b/guides/csp-configuration.mdx
@@ -25,7 +25,6 @@ The following CSP directives are used to control which resources can be loaded:
 | `d4tuoctqmanu0.cloudfront.net` | KaTeX CSS, fonts | `style-src`, `font-src` | Required |
 | `*.mintlify.dev` | Documentation content | `connect-src` | Required |
 | `d3gk2c5xim1je2.cloudfront.net` | Icons, images, logos | `img-src` | Required |
-| `unpkg.com` | Mintlify widget scripts | `script-src` | Required |
 | `www.googletagmanager.com` | Google Analytics/GTM | `script-src`, `connect-src` | Optional |
 | `cdn.segment.com` | Segment analytics | `script-src`, `connect-src` | Optional |
 | `plausible.io` | Plausible analytics | `script-src`, `connect-src` | Optional |
@@ -43,7 +42,7 @@ The following CSP directives are used to control which resources can be loaded:
 ```text wrap
 Content-Security-Policy:
 default-src 'self';
-script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com www.googletagmanager.com cdn.segment.com plausible.io tag.clearbitscripts.com cdn.heapanalytics.com
+script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.segment.com plausible.io tag.clearbitscripts.com cdn.heapanalytics.com
 chat.cdn-plain.com chat-assets.frontapp.com;
 style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net;
 font-src 'self' d4tuoctqmanu0.cloudfront.net;
@@ -67,7 +66,7 @@ Create a Response Header Transform Rule:
   - **Header name**: `Content-Security-Policy`
   - **Header value**:
     ```text wrap
-    default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net; font-src 'self' d4tuoctqmanu0.cloudfront.net; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net; connect-src 'self' *.mintlify.dev; frame-src 'self' *.mintlify.dev;
+    default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net; font-src 'self' d4tuoctqmanu0.cloudfront.net; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net; connect-src 'self' *.mintlify.dev; frame-src 'self' *.mintlify.dev;
     ```
 4. Deploy your rule.
 
@@ -82,7 +81,7 @@ Add a response headers policy in CloudFront:
     "Config": {
     "SecurityHeadersConfig": {
         "ContentSecurityPolicy": {
-        "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net; font-src 'self' d4tuoctqmanu0.cloudfront.net; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net; connect-src 'self' *.mintlify.dev; frame-src 'self' *.mintlify.dev;",
+        "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net; font-src 'self' d4tuoctqmanu0.cloudfront.net; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net; connect-src 'self' *.mintlify.dev; frame-src 'self' *.mintlify.dev;",
         "Override": true
         }
       }
@@ -103,7 +102,7 @@ Add to your `vercel.json`:
     "headers": [
         {
         "key": "Content-Security-Policy",
-        "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net; font-src 'self' d4tuoctqmanu0.cloudfront.net; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net; connect-src 'self' *.mintlify.dev; frame-src 'self' *.mintlify.dev;"
+        "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net; font-src 'self' d4tuoctqmanu0.cloudfront.net; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net; connect-src 'self' *.mintlify.dev; frame-src 'self' *.mintlify.dev;"
         }
       ]
     }
