feat: mejorar la política de seguridad de contenido y ajustar el iframe de Ko-fi en la barra lateral

2025-10-08 08:33:34 -05:00
parent 24cf917d93
commit b0198c7092
2 changed files with 2 additions and 2 deletions
--- a/src/server/server.ts
+++ b/src/server/server.ts
@@ -107,7 +107,7 @@ function applySecurityHeaders(base: Record<string, string> = {}) {
    "X-Frame-Options": "DENY",
    // Mild CSP to avoid breaking inline styles/scripts already present; adjust as needed
    "Content-Security-Policy":
-      "default-src 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:",
+      "default-src 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; frame-src 'self' https://ko-fi.com https://*.ko-fi.com; child-src 'self' https://ko-fi.com https://*.ko-fi.com",
    ...base,
  };
 }