Commit
chore: update policies
mwargan committed Mar 19, 2024
1 parent b025e58 commit 8ec0bba
Showing 2 changed files with 11 additions and 1 deletion.
3 changes: 3 additions & 0 deletions README.md
Expand Up @@ -150,6 +150,9 @@ After installing everything - you should run the E2E tests to make sure everythi
### Your first changes
This starter kit is designed to provide a strong test foundation. When you'll change something in the code that will modify the element itself (changing the text for example), your snapshot and visual tests will fail. You can easily update snapshots with the commands provided in the starter kit (read below). This kind of workflow is very useful because it ensures that changes are intentional and that you are aware of them.

#### Other significant changes to make
- index.html: change the Content Security Policy (CSP) to match your needs, and remove the noindex meta tag

### Compile and Hot-Reload for Development

```sh
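Review bot: The new bullet under "Other significant changes to make" tells readers to change the CSP "to match your needs" but does not mention that index.html ships a relaxed demo policy with the stricter one commented out beneath it. Suggest saying so explicitly: adopters should switch to the commented-out policy (the one that begins with default-src 'self') as their starting point and drop the demo image hosts, then remove the noindex meta tag.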
9 changes: 8 additions & 1 deletion index.html
Expand Up @@ -9,7 +9,14 @@
<meta name="description" content="Vite App">

<meta http-equiv="Content-Security-Policy"
content="default-src 'self'; connect-src 'self' https://api.stripe.com *; frame-src 'self' https://js.stripe.com https://hooks.stripe.com; script-src 'self' https://js.stripe.com https://www.googletagmanager.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:;">
content=" connect-src 'self' https://api.stripe.com *; script-src 'self' https://js.stripe.com https://www.googletagmanager.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src https://cartes.io https://*.picsum.photos https://picsum.photos 'self' data:;">

<!-- The CSP below is what is best to start with, it is more restrictive than the one above. This starter-kit uses the one above just so the example pages render the images correctly. -->
<!-- <meta http-equiv="Content-Security-Policy"
content="default-src 'self'; connect-src 'self' https://api.stripe.com *; frame-src 'self' https://js.stripe.com https://hooks.stripe.com; script-src 'self' https://js.stripe.com https://www.googletagmanager.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:;"> -->

<!-- No index our demo pages -->
<meta name="robots" content="noindex">
</head>

<body>
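Review bot: The new content attribute drops default-src 'self' and frame-src in addition to adding the image hosts, so every fetch type without its own directive (frames, objects, media) is now unrestricted, which goes well beyond the comment's stated goal of letting the example pages render images. Keeping the original policy and only extending img-src with https://cartes.io, https://picsum.photos and https://*.picsum.photos would achieve that goal without losing the fallback. Two smaller points on the same line: connect-src still ends in *, which makes the 'self' and https://api.stripe.com entries redundant and permits connections to any host, and the value now begins with a stray space after the opening quote.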