From 924585d200907ba57fff826b6208bf2c0a1953f2 Mon Sep 17 00:00:00 2001 From: Evan Sosenko Date: Thu, 26 Oct 2023 12:28:47 -0700 Subject: [PATCH] docs: Remove seam.co from CSP --- README.md | 4 ++-- vercel.json | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 37c9adc0a..7b6d5eb2b 100644 --- a/README.md +++ b/README.md @@ -306,7 +306,7 @@ Then, load it from Google Fonts by placing the following in the `` tag: When using the default provider settings, the components are compatible with this CSP: ``` -default-src 'self'; connect-src 'self' https://connect.getseam.com; img-src 'self' https://connect.getseam.com https://seam.co https://www.seam.co; font-src 'self' https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com +default-src 'self'; connect-src 'self' https://connect.getseam.com; img-src 'self' https://connect.getseam.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com ``` #### Granular CSP @@ -317,7 +317,7 @@ By self hosting the styles and recommended fonts (or choosing not to use them), and proxying the Seam API endpoint, the components are compatible with this strict CSP: ``` -default-src 'self'; img-src 'self' https://connect.getseam.com https://seam.co https://www.seam.co +default-src 'self'; img-src 'self' https://connect.getseam.com ``` The `img-src` is required as some components display device images from the Seam API. diff --git a/vercel.json b/vercel.json index c03ceb878..ce8e491d8 100644 --- a/vercel.json +++ b/vercel.json 
@@ -22,7 +22,7 @@
 "headers": [
 {
 "key": "Content-Security-Policy",
- "value": "default-src 'self'; script-src 'self' 'nonce-storybook'; connect-src 'self' https://connect.getseam.com; img-src 'self' https://connect.getseam.com https://seam.co https://www.seam.co https://img.shields.io https://github.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com"
+ "value": "default-src 'self'; script-src 'self' 'nonce-storybook'; connect-src 'self' https://connect.getseam.com; img-src 'self' https://connect.getseam.com https://img.shields.io https://github.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com"
 },
 {
 "key": "X-DNS-Prefetch-Control",
@@ -84,7 +84,7 @@
 "headers": [
 {
 "key": "Content-Security-Policy",
- "value": "default-src 'self'; connect-src 'self' https://connect.getseam.com; img-src 'self' https://connect.getseam.com https://seam.co https://www.seam.co; font-src 'self' https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com"
+ "value": "default-src 'self'; connect-src 'self' https://connect.getseam.com; img-src 'self' https://connect.getseam.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com"
 }
 ]
 },
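Review bot: The `script-src 'self' 'nonce-storybook'` source kept in the new `value` of the `@@ -22` hunk is a fixed, publicly known nonce served from a static header, so any injected markup that carries `nonce="storybook"` is allowed to run; a nonce only restricts inline script when it is unpredictable per response. A static vercel.json header cannot mint per-response values, so the safer form is to list `'sha256-<HASH_OF_INLINE_SCRIPT>'` sources (placeholder, to be computed from the built output) or to remove the inline scripts that need it. The same `value` also lists `http://fonts.googleapis.com` in `style-src`, while the `@@ -84` policy uses `https://`; it should read `style-src 'self' 'unsafe-inline' https://fonts.googleapis.com`. Both points apply unchanged to the `@@ -93` hunk, which carries an identical policy string.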
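Review bot: `base-uri`, `form-action` and `frame-ancestors` are left unrestricted by the new `value` in the `@@ -84` hunk, because those directives do not fall back to `default-src 'self'`. If the deployed pages do not need cross-origin framing or form posts, append `; base-uri 'self'; form-action 'self'; frame-ancestors 'self'` to the policy string. Whether another header in this file (for example an X-Frame-Options entry) already covers framing is not visible from the hunk, so confirm before adding `frame-ancestors`. The `@@ -22` and `@@ -93` policies have the same gap.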
@@ -93,7 +93,7 @@
 "headers": [
 {
 "key": "Content-Security-Policy",
- "value": "default-src 'self'; script-src 'self' 'nonce-storybook'; connect-src 'self' https://connect.getseam.com; img-src 'self' https://connect.getseam.com https://seam.co https://www.seam.co https://img.shields.io https://github.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com"
+ "value": "default-src 'self'; script-src 'self' 'nonce-storybook'; connect-src 'self' https://connect.getseam.com; img-src 'self' https://connect.getseam.com https://img.shields.io https://github.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com"
 }
 ]
 },