add csp headers

nursoltan-chemantics · nursoltan-chemantics · commit ca1c150cdd19 · 2022-07-05T17:17:23.000+08:00
diff --git a/web-assets/local/index.html b/web-assets/local/index.html
@@ -4,6 +4,7 @@
 <head>
     <title>Auth0</title>
     <meta charset="utf-8" />
+    <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob:; frame-src *; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; frame-ancestors * data: blob:;">
     <script language="javascript" type="text/javascript"
         src="https://accounts-auth0.topcoder-dev.com/setupAuth0WithRedirect.js"></script>
 </head>
diff --git a/web-assets/static-pages/check_email.html b/web-assets/static-pages/check_email.html
@@ -6,6 +6,7 @@
   <meta charset="utf-8" />
   <meta http-equiv="X-UA-Compatible" content="IE=edge" />
   <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob:; frame-src *; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; frame-ancestors * data: blob:;">
   <link rel="shortcut icon" href="./images/favicon.ico" />
   <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700&display=swap" rel="stylesheet" />
   <link href="https://fonts.googleapis.com/css2?family=Barlow&family=Barlow+Condensed:wght@500&display=swap"
diff --git a/web-assets/static-pages/index.html b/web-assets/static-pages/index.html
@@ -4,6 +4,7 @@
     <title>Auth0</title>
     <meta charset="utf-8" />
     <meta http-equiv="X-UA-Compatible" content="IE=edge" />
+    <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob:; frame-src *; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; frame-ancestors * data: blob:;">
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     <link rel="shortcut icon" href="./images/favicon.ico" />
     <script src="./setupAuth0WithRedirect.js"></script>
diff --git a/web-assets/static-pages/register_success.html b/web-assets/static-pages/register_success.html
@@ -4,6 +4,7 @@
     <title>Register Success</title>
     <meta charset="utf-8" />
     <meta http-equiv="X-UA-Compatible" content="IE=edge" />
+    <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob:; frame-src *; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; frame-ancestors * data: blob:;">
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     <link rel="shortcut icon" href="./images/favicon.ico" />
     <link
diff --git a/web-assets/static-pages/signup.html b/web-assets/static-pages/signup.html
@@ -4,6 +4,7 @@
     <title>Signup</title>
     <meta charset="utf-8" />
     <meta http-equiv="X-UA-Compatible" content="IE=edge" />
+    <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob:; frame-src *; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; frame-ancestors * data: blob:;">
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     <link rel="shortcut icon" href="./images/favicon.ico" />
     <link
