Dropping Stripe as a payment method (will replace with Venmo/USDCoin address) & Google Analytics for AniNIX/Sharingan -- some updates for CSP in line with https://observatory.mozilla.org/analyze/aninix.net

DarkFeather 2023-11-16 12:50:26 -06:00
parent 5fa67890c2
commit 9b317d1677
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
2 changed files with 3 additions and 16 deletions


@ -1,16 +1,3 @@
<!-- Google Analytics -->
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-18148792-3']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
<!-- Replace Gitea icon with AniNIX -->
<script type="text/javascript">
document.getElementById('navbar').children[0].children[0].children[0].src="/assets/img/AniNIX.png";
@ -20,5 +7,3 @@ _gaq.push(['_trackPageview']);
document.getElementById("pwdchange").setAttribute("target","_blank");
document.getElementById("chat").setAttribute("target","_blank");
</script>


@ -1 +1,3 @@
add_header "Content-Security-Policy" "default-src data: 'self' aninix.net foundation.aninix.net; script-src foundation.aninix.net www.gstatic.com www.google.com js.stripe.com unsafe-inline ssl.google-analytics.com 'self' aninix.net foundation.aninix.net data: 'unsafe-inline' 'unsafe-eval'; style-src foundation.aninix.net 'self' aninix.net foundation.aninix.net 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; img-src foundation.aninix.net 'self' aninix.net foundation.aninix.net upload.wikimedia.org commons.wikimedia.org creativecommons.org www.w3.org stripe.com ssl.google-analytics.com; font-src fonts.gstatic.com data: 'self' aninix.net foundation.aninix.net; connect-src ssl.google-analytics.com js.stripe.com mb3admin.com 'self' aninix.net foundation.aninix.net; media-src blob: 'self' aninix.net foundation.aninix.net ; child-src blob: 'self' js.stripe.com aninix.net foundation.aninix.net www.google.com; form-action 'self' aninix.net foundation.aninix.net; upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self';";
add_header "Content-Security-Policy" "default-src data: 'self' aninix.net foundation.aninix.net; script-src foundation.aninix.net 'self' aninix.net data: 'unsafe-inline' 'unsafe-eval'; style-src foundation.aninix.net 'self' aninix.net foundation.aninix.net 'unsafe-inline'; img-src foundation.aninix.net 'self' aninix.net; font-src data: 'self' aninix.net foundation.aninix.net; connect-src mb3admin.com 'self' aninix.net foundation.aninix.net; media-src blob: 'self' aninix.net foundation.aninix.net ; child-src blob: 'self' aninix.net foundation.aninix.net; form-action 'self' aninix.net foundation.aninix.net; upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; default-src 'none'; ";
# Gitea requires unsafe-inline style sources for label colors
# TT-RSS requires unsafe-inline/unsafe-eval for its javascript dojo.js integrations.
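Review bot: The added header declares `default-src` twice, and CSP parsing keeps the first occurrence of a directive and ignores later duplicates, so the trailing `default-src 'none';` has no effect and the fallback remains `default-src data: 'self' aninix.net foundation.aninix.net`. If deny-by-default is the intent, make the leading directive `default-src 'none';`, drop the trailing one, and add explicit entries for any fetch types that relied on the fallback (for example `object-src 'none'; manifest-src 'self';`). `script-src` also still lists `data:` next to `'unsafe-inline' 'unsafe-eval'`; the comments justify the latter two for TT-RSS but not `data:`, which should be removed unless something is known to need it. The comments tie the relaxations to Gitea and TT-RSS separately, so if this header is shared by every service, a per-service policy would presumably let the others drop `'unsafe-inline'` and `'unsafe-eval'`; a comment saying where the file is included would help the next reviewer confirm that.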