From 59b980637700f5721c2fd01c5c508d9c899503bd Mon Sep 17 00:00:00 2001
From: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
Date: Thu, 18 Sep 2025 10:59:46 -0700
Subject: [PATCH 1/6] Add missing hostnames to CSP configuration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Added 13 missing domains found in comprehensive codebase search:
- *.mintlify.com (dashboard, API, analytics proxy)
- leaves.mintlify.com (GitLab webhooks)
- d1ctpt7j8wusba.cloudfront.net (mint releases)
- mintcdn.com (asset tracking)
- api.mintlifytrieve.com (search API)
- mintlify-assets.b-cdn.net (BunnyCDN)
- mintlify.s3-us-west-1.amazonaws.com (S3 images)
- fonts.googleapis.com (Google Fonts)
- cdn.jsdelivr.net (emoji assets)
- us.posthog.com (PostHog analytics)
- cdn.getkoala.com (Koala analytics)
- browser.sentry-cdn.com (Sentry error tracking)
- js.sentry-cdn.com (Sentry SDK)
Updated domain whitelist table and all CSP configuration examples (Cloudflare, AWS CloudFront, Vercel) to include required domains.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude
---
 guides/csp-configuration.mdx | 36 ++++++++++++++++++++++++++----------
 1 file changed, 26 insertions(+), 10 deletions(-)
diff --git a/guides/csp-configuration.mdx b/guides/csp-configuration.mdx
index 5f4527f1a..6d34ccd99 100644
--- a/guides/csp-configuration.mdx
+++ b/guides/csp-configuration.mdx
@@ -23,15 +23,28 @@ The following CSP directives are used to control which resources can be loaded:
 | Domain | Purpose | CSP directive | Required |
 |:-------|:--------|:--------------|:-------|
 | `d4tuoctqmanu0.cloudfront.net` | KaTeX CSS, fonts | `style-src`, `font-src` | Required |
-| `*.mintlify.dev` | Documentation content | `connect-src` | Required |
+| `*.mintlify.dev` | Documentation content | `connect-src`, `frame-src` | Required |
+| `*.mintlify.com` | Dashboard, API, analytics proxy | `connect-src` | Required |
+| `leaves.mintlify.com` | GitLab webhook integration | `connect-src` | Required |
 | `d3gk2c5xim1je2.cloudfront.net` | Icons, images, logos | `img-src` | Required |
+| `d1ctpt7j8wusba.cloudfront.net` | Mint version and release files | `connect-src` | Required |
+| `mintcdn.com` | Asset tracking, favicons | `img-src`, `connect-src` | Required |
+| `api.mintlifytrieve.com` | Search API | `connect-src` | Required |
+| `mintlify-assets.b-cdn.net` | BunnyCDN assets | `img-src` | Required |
+| `mintlify.s3-us-west-1.amazonaws.com` | S3 bucket images | `img-src` | Required |
+| `fonts.googleapis.com` | Google Fonts | `style-src`, `font-src` | Required |
+| `cdn.jsdelivr.net` | Emoji assets for OG images | `script-src`, `img-src` | Required |
 | `www.googletagmanager.com` | Google Analytics/GTM | `script-src`, `connect-src` | Optional |
 | `cdn.segment.com` | Segment analytics | `script-src`, `connect-src` | Optional |
 | `plausible.io` | Plausible analytics | `script-src`, `connect-src` | Optional |
+| `us.posthog.com` | PostHog analytics | `connect-src` | Optional |
+| `cdn.getkoala.com` | Koala analytics | `script-src` | Optional |
 | `tag.clearbitscripts.com` | Clearbit tracking | `script-src` | Optional |
 | `cdn.heapanalytics.com` | Heap analytics | `script-src` | Optional |
 | `chat.cdn-plain.com` | Plain chat widget | `script-src` | Optional |
 | `chat-assets.frontapp.com` | Front chat widget | `script-src` | Optional |
+| `browser.sentry-cdn.com` | 
Sentry error tracking | `script-src`, `connect-src` | Optional |
+| `js.sentry-cdn.com` | Sentry JavaScript SDK | `script-src` | Optional |
 ## Example CSP configuration
@@ -42,12 +55,15 @@ The following CSP directives are used to control which resources can be loaded:
 ```text wrap
 Content-Security-Policy: default-src 'self';
-script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.segment.com plausible.io tag.clearbitscripts.com cdn.heapanalytics.com
-chat.cdn-plain.com chat-assets.frontapp.com;
-style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net;
-font-src 'self' d4tuoctqmanu0.cloudfront.net;
-img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net;
-connect-src 'self' *.mintlify.dev www.googletagmanager.com cdn.segment.com plausible.io;
+script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.googletagmanager.com cdn.segment.com plausible.io
+us.posthog.com cdn.getkoala.com tag.clearbitscripts.com cdn.heapanalytics.com chat.cdn-plain.com chat-assets.frontapp.com
+browser.sentry-cdn.com js.sentry-cdn.com;
+style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com;
+font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com;
+img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net d1ctpt7j8wusba.cloudfront.net mintcdn.com
+mintlify-assets.b-cdn.net mintlify.s3-us-west-1.amazonaws.com cdn.jsdelivr.net;
+connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com
+api.mintlifytrieve.com www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com;
 frame-src 'self' *.mintlify.dev;
 ```
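Review bot: Adding `cdn.jsdelivr.net` to `script-src` (the new table row and the new `script-src` line in the example) allow-lists a public CDN that serves arbitrary npm and GitHub packages, so anyone who can inject markup into a docs page gets a trivial CSP bypass by sourcing a script from that host — and the row itself says the host is only used for emoji assets for OG images, which is an `img-src` need, not a `script-src` one. If no script is really loaded from there, drop it from `script-src` and keep it in `img-src` only; if one is, narrow the source expression to the exact path prefix the file is fetched from (confirm it in the network tab) and pin the tag with `integrity=`. Separately, `font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com` likely does not achieve what the row implies: `fonts.googleapis.com` serves the Google Fonts stylesheet, and as far as I recall the font files it references are served from a different Google host, so font loads would still be reported as violations — verify with the browser's CSP violation reports before publishing. The pre-existing `'unsafe-inline' 'unsafe-eval'` in `script-src` are outside this change, but the guide would benefit from a one-line warning that they disable most of the protection the host allow-list provides.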
@@ -66,7 +82,7 @@ Create a Response Header Transform Rule:
 - **Header name**: `Content-Security-Policy`
 - **Header value**:
 ```text wrap
- default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net; font-src 'self' d4tuoctqmanu0.cloudfront.net; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net; connect-src 'self' *.mintlify.dev; frame-src 'self' *.mintlify.dev;
+ default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net d1ctpt7j8wusba.cloudfront.net mintcdn.com mintlify-assets.b-cdn.net mintlify.s3-us-west-1.amazonaws.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;
 ```
 4. Deploy your rule.
@@ -81,7 +97,7 @@ Add a response headers policy in CloudFront:
 "Config": {
 "SecurityHeadersConfig": {
 "ContentSecurityPolicy": {
- "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net; font-src 'self' d4tuoctqmanu0.cloudfront.net; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net; connect-src 'self' *.mintlify.dev; frame-src 'self' *.mintlify.dev;",
+ "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net d1ctpt7j8wusba.cloudfront.net mintcdn.com mintlify-assets.b-cdn.net mintlify.s3-us-west-1.amazonaws.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;",
 "Override": true
 }
 }
@@ -102,7 +118,7 @@ Add to your `vercel.json`:
 "headers": [
 {
 "key": "Content-Security-Policy",
- "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net; font-src 'self' d4tuoctqmanu0.cloudfront.net; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net; connect-src 'self' *.mintlify.dev; frame-src 'self' *.mintlify.dev;"
+ "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net d1ctpt7j8wusba.cloudfront.net mintcdn.com mintlify-assets.b-cdn.net mintlify.s3-us-west-1.amazonaws.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;"
 }
 ]
 }
From 2499f5d884996385997e6bde20a629b7dd170b77 Mon Sep 17 00:00:00 2001
From: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
Date: Thu, 18 Sep 2025 13:15:17 -0700
Subject: [PATCH 2/6] Apply suggestions from code review
Co-authored-by: Mayank Shouche <43075711+mayankshouche@users.noreply.github.com>
---
 guides/csp-configuration.mdx | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/guides/csp-configuration.mdx b/guides/csp-configuration.mdx
index 6d34ccd99..0019125fe 100644
--- a/guides/csp-configuration.mdx
+++ b/guides/csp-configuration.mdx
@@ -25,14 +25,12 @@ The following CSP directives are used to control which resources can be loaded:
 | `d4tuoctqmanu0.cloudfront.net` | KaTeX CSS, fonts | `style-src`, `font-src` | Required |
 | `*.mintlify.dev` | Documentation content | `connect-src`, `frame-src` | Required |
 | `*.mintlify.com` | Dashboard, API, analytics proxy | `connect-src` | Required |
-| `leaves.mintlify.com` | GitLab webhook integration | `connect-src` | Required |
+| `leaves.mintlify.com` | Assistant API | `connect-src` | Required |
 | `d3gk2c5xim1je2.cloudfront.net` | Icons, images, logos | `img-src` | Required |
 | `d1ctpt7j8wusba.cloudfront.net` | Mint version and release files | `connect-src` | Required |
 | `mintcdn.com` | Asset tracking, favicons | `img-src`, `connect-src` | Required |
 | `api.mintlifytrieve.com` | Search API | `connect-src` | Required |
-| `mintlify-assets.b-cdn.net` | BunnyCDN assets | `img-src` | Required |
-| `mintlify.s3-us-west-1.amazonaws.com` | S3 bucket images | `img-src` | Required |
-| `fonts.googleapis.com` | Google Fonts | `style-src`, `font-src` | Required |
+| `fonts.googleapis.com` | Google Fonts | `style-src`, `font-src` | Optional |
 | `cdn.jsdelivr.net` | Emoji assets for OG images | `script-src`, `img-src` | Required |
 | `www.googletagmanager.com` | Google Analytics/GTM | `script-src`, `connect-src` | Optional |
 | `cdn.segment.com` | Segment analytics | `script-src`, `connect-src` | Optional |
From 11ba30dea45be80a359fd01544dd776eb006eac3 Mon Sep 17 00:00:00 2001
From: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
Date: Thu, 18 Sep 2025 13:16:42 -0700
Subject: [PATCH 3/6] Update guides/csp-configuration.mdx
Co-authored-by: Lucas <18381968+lucaspunz@users.noreply.github.com>
---
 guides/csp-configuration.mdx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/guides/csp-configuration.mdx b/guides/csp-configuration.mdx
index 0019125fe..c0a2f3670 100644
--- a/guides/csp-configuration.mdx
+++ b/guides/csp-configuration.mdx
@@ -28,7 +28,8 @@ The following CSP directives are used to control which resources can be loaded:
 | `leaves.mintlify.com` | Assistant API | `connect-src` | Required |
 | `d3gk2c5xim1je2.cloudfront.net` | Icons, images, logos | `img-src` | Required |
 | `d1ctpt7j8wusba.cloudfront.net` | Mint version and release files | `connect-src` | Required |
-| `mintcdn.com` | Asset tracking, favicons | `img-src`, `connect-src` | Required |
+| `mintcdn.com` | Images, favicons | `img-src`, `connect-src` | Required |
+| `*.mintcdn.com` | Images, favicons | `img-src`, `connect-src` | Required |
 | `api.mintlifytrieve.com` | Search API | `connect-src` | Required |
 | `fonts.googleapis.com` | Google Fonts | `style-src`, `font-src` | Optional |
 | `cdn.jsdelivr.net` | Emoji assets for OG images | `script-src`, `img-src` | Required |
From f8fd54c468913eaa49938bb54dbe87ada5b845f0 Mon Sep 17 00:00:00 2001
From: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
Date: Thu, 18 Sep 2025 13:18:51 -0700
Subject: [PATCH 4/6] Update guides/csp-configuration.mdx
---
 guides/csp-configuration.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/guides/csp-configuration.mdx b/guides/csp-configuration.mdx
index c0a2f3670..c3786da98 100644
--- a/guides/csp-configuration.mdx
+++ b/guides/csp-configuration.mdx
@@ -31,8 +31,8 @@ The following CSP directives are used to control which resources can be loaded:
 | `mintcdn.com` | Images, favicons | `img-src`, `connect-src` | Required |
 | `*.mintcdn.com` | Images, favicons | `img-src`, `connect-src` | Required |
 | `api.mintlifytrieve.com` | Search API | `connect-src` | Required |
-| `fonts.googleapis.com` | Google Fonts | `style-src`, `font-src` | Optional |
 | `cdn.jsdelivr.net` | Emoji assets for OG images | `script-src`, `img-src` | Required |
+| `fonts.googleapis.com` | Google Fonts | `style-src`, `font-src` | Optional |
 | `www.googletagmanager.com` | Google Analytics/GTM | `script-src`, `connect-src` | Optional |
 | `cdn.segment.com` | Segment analytics | `script-src`, `connect-src` | Optional |
 | `plausible.io` | Plausible analytics | `script-src`, `connect-src` | Optional |
From 6ae2119feccc2ac56304da009e3dfb90f10ba65d Mon Sep 17 00:00:00 2001
From: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
Date: Thu, 18 Sep 2025 13:25:38 -0700
Subject: [PATCH 5/6] Update CSP examples to match revised domain whitelist
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Remove mintlify-assets.b-cdn.net and mintlify.s3-us-west-1.amazonaws.com
- Add *.mintcdn.com wildcard domain to img-src and connect-src
- Update all configuration examples (main, Cloudflare, AWS CloudFront, Vercel)
- Align with reviewer feedback from PR #1202
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude
---
 guides/csp-configuration.mdx | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/guides/csp-configuration.mdx b/guides/csp-configuration.mdx
index c3786da98..585ac2d34 100644
--- a/guides/csp-configuration.mdx
+++ b/guides/csp-configuration.mdx
@@ -59,10 +59,9 @@ us.posthog.com cdn.getkoala.com tag.clearbitscripts.com cdn.heapanalytics.com ch
 browser.sentry-cdn.com js.sentry-cdn.com;
 style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com;
 font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com;
-img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net d1ctpt7j8wusba.cloudfront.net mintcdn.com
-mintlify-assets.b-cdn.net mintlify.s3-us-west-1.amazonaws.com cdn.jsdelivr.net;
+img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net;
 connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com
-api.mintlifytrieve.com www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com;
+*.mintcdn.com api.mintlifytrieve.com www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com;
 frame-src 'self' *.mintlify.dev;
 ```
@@ -81,7 +80,7 @@ Create a Response Header Transform Rule:
 - **Header name**: `Content-Security-Policy`
 - **Header value**:
 ```text wrap
- default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net d1ctpt7j8wusba.cloudfront.net mintcdn.com mintlify-assets.b-cdn.net mintlify.s3-us-west-1.amazonaws.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;
+ default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;
 ```
 4. Deploy your rule.
@@ -96,7 +95,7 @@ Add a response headers policy in CloudFront:
 "Config": {
 "SecurityHeadersConfig": {
 "ContentSecurityPolicy": {
- "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net d1ctpt7j8wusba.cloudfront.net mintcdn.com mintlify-assets.b-cdn.net mintlify.s3-us-west-1.amazonaws.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;",
+ "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;",
 "Override": true
 }
 }
@@ -117,7 +116,7 @@ Add to your `vercel.json`:
 "headers": [
 {
 "key": "Content-Security-Policy",
- "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net d1ctpt7j8wusba.cloudfront.net mintcdn.com mintlify-assets.b-cdn.net mintlify.s3-us-west-1.amazonaws.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;"
+ "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;"
 }
 ]
 }
From abf4815475a8a39463f490e68160e1cfcc0785b0 Mon Sep 17 00:00:00 2001
From: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
Date: Thu, 18 Sep 2025 13:35:50 -0700
Subject: [PATCH 6/6] remove redundancies in examples
---
 guides/csp-configuration.mdx | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/guides/csp-configuration.mdx b/guides/csp-configuration.mdx
index 585ac2d34..c729cdb87 100644
--- a/guides/csp-configuration.mdx
+++ b/guides/csp-configuration.mdx
@@ -60,8 +60,8 @@ browser.sentry-cdn.com js.sentry-cdn.com;
 style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com;
 font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com;
 img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net;
-connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com
-*.mintcdn.com api.mintlifytrieve.com www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com;
+connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com
+api.mintlifytrieve.com www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com;
 frame-src 'self' *.mintlify.dev;
 ```
@@ -80,7 +80,7 @@ Create a Response Header Transform Rule:
 - **Header name**: `Content-Security-Policy`
 - **Header value**:
 ```text wrap
- default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;
+ default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;
 ```
 4. Deploy your rule.
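Review bot: The Cloudflare snippet's new header value keeps `fonts.googleapis.com` in `style-src` and `font-src` even though the table was changed earlier in this series to mark that host Optional, while every other Optional host (analytics, chat, Sentry) is deliberately left out of the same snippet, so a reader cannot tell whether this is the minimal required policy or not. Either drop `fonts.googleapis.com` from the three provider snippets for consistency, or add one sentence before them saying they include Google Fonts and that any analytics or chat hosts in use must be appended from the table. Since these values are meant to be pasted straight into production edge configuration, the guide should also recommend first deploying them as `Content-Security-Policy-Report-Only` so a missing host surfaces as a console or report violation rather than a broken site. The same drift applies to the CloudFront and Vercel snippets that follow.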
@@ -95,7 +95,7 @@ Add a response headers policy in CloudFront:
 "Config": {
 "SecurityHeadersConfig": {
 "ContentSecurityPolicy": {
- "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;",
+ "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;",
 "Override": true
 }
 }
@@ -116,7 +116,7 @@ Add to your `vercel.json`:
 "headers": [
 {
 "key": "Content-Security-Policy",
- "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com leaves.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;"
+ "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com api.mintlifytrieve.com; frame-src 'self' *.mintlify.dev;"
 }
 ]
 }