public/serve.json
{
"headers": [
{
"source": "**",
"headers": [
{
"key": "Content-Security-Policy",
"value": "default-src 'self'; connect-src 'self' https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; script-src 'self' https://storage.googleapis.com https://*.googletagmanager.com https://sentry.io; worker-src 'self' blob:; img-src 'self' data: blob: https://cdli.mpiwg-berlin.mpg.de https://cdn.auth0.com https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' data: https://stackpath.bootstrapcdn.com https://use.fontawesome.com; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://use.fontawesome.com; frame-src 'self' https://electronic-babylonian-literature.eu.auth0.com https://auth.ebl.lmu.de; frame-ancestors 'none'; base-uri 'none'; form-action 'none';"
},
{
"key": "Strict-Transport-Security",
"value": "max-age=63072000; includeSubDomains;"
},
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "Referrer-Policy",
"value": "no-referrer, strict-origin-when-cross-origin"
}
]
}
]
}