security: add CSP headers and upgrade Font Awesome to latest version with SRI

Greg 2025-06-15 22:46:45 +02:00
parent 872440ca5c
commit a69e011fe9


@ -4,13 +4,20 @@
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Paris Hotels Under 300€ Per Night</title> <title>Paris Hotels Under 300€ Per Night</title>
<meta http-equiv="X-Content-Type-Options" content="nosniff">
<meta name="referrer" content="strict-origin-when-cross-origin">
<meta http-equiv="Permissions-Policy" content="geolocation=(), microphone=(), camera=(), payment=(), usb=()">
<!-- It's generally recommended to set X-Frame-Options as an HTTP header by the server for better protection -->
<!-- Example: X-Frame-Options: DENY or X-Frame-Options: SAMEORIGIN -->
<!-- The CSP 'frame-ancestors' directive below provides similar protection -->
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://unpkg.com https://umami-ikow84gco0wcw8cgsc8o08g8.reflectonai.com; style-src 'self' https://unpkg.com https://cdn.jsdelivr.net; img-src 'self' data: https://pplx-res.cloudinary.com; font-src 'self' https://cdn.jsdelivr.net; connect-src 'self' https://umami-ikow84gco0wcw8cgsc8o08g8.reflectonai.com; frame-ancestors 'none'; object-src 'none'; base-uri 'self';">
<link rel="stylesheet" href="style.css"> <link rel="stylesheet" href="style.css">
<!-- Leaflet CSS --> <!-- Leaflet CSS -->
<link rel="stylesheet" href="https://unpkg.com/leaflet@1.9.4/dist/leaflet.css" <link rel="stylesheet" href="https://unpkg.com/leaflet@1.9.4/dist/leaflet.css"
integrity="sha256-p4NxAoJBhIIN+hmNHrzRCf9tD/miZyoHS5obTRR9BMY=" integrity="sha256-p4NxAoJBhIIN+hmNHrzRCf9tD/miZyoHS5obTRR9BMY="
crossorigin=""/> crossorigin=""/>
<!-- Font Awesome for icons --> <!-- Font Awesome for icons -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css"> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.7.2/css/all.min.css" integrity="sha256-dABdfBfUoC8vJUBOwGVdm8L9qlMWaHTIfXt+7GnZCIo=" crossorigin="anonymous">
<script defer src="https://umami-ikow84gco0wcw8cgsc8o08g8.reflectonai.com/script.js" data-website-id="70ad3fb0-dbf5-4c16-8a27-cfe1f6510f89"></script> <script defer src="https://umami-ikow84gco0wcw8cgsc8o08g8.reflectonai.com/script.js" data-website-id="70ad3fb0-dbf5-4c16-8a27-cfe1f6510f89"></script>
</head> </head>
<body> <body>
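Review bot: The `frame-ancestors 'none'` directive in the added CSP `<meta>` tag has no effect, because browsers ignore `frame-ancestors` (like `report-uri` and `sandbox`) when the policy arrives through a meta element; the comment saying it "provides similar protection" is therefore misleading, and the page still has no framing protection. The added `X-Content-Type-Options` and `Permissions-Policy` meta tags have the same problem, since browsers honour those only as HTTP response headers. I would send all three, along with the CSP, from the server and replace the comment with `<!-- frame-ancestors, X-Content-Type-Options and Permissions-Policy are only enforced as HTTP response headers; configure them on the server -->`. Separately, `script-src` allows all of `https://unpkg.com`, so any file published there may run on the page; narrowing it to the exact Leaflet path (or self-hosting the script) would be tighter, assuming Leaflet is the only script loaded from unpkg, which the hunk does not show because `<body>` continues outside it.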