feat: mejorar la política de seguridad de contenido y ajustar el iframe de Ko-fi en la barra lateral

2025-10-08 08:33:34 -05:00
parent 24cf917d93
commit b0198c7092
2 changed files with 2 additions and 2 deletions
--- a/src/server/server.ts
+++ b/src/server/server.ts
@@ -107,7 +107,7 @@ function applySecurityHeaders(base: Record<string, string> = {}) {
    "X-Frame-Options": "DENY",
    // Mild CSP to avoid breaking inline styles/scripts already present; adjust as needed
    "Content-Security-Policy":
-      "default-src 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:",
+      "default-src 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; frame-src 'self' https://ko-fi.com https://*.ko-fi.com; child-src 'self' https://ko-fi.com https://*.ko-fi.com",
    ...base,
  };
 }
--- a/src/server/views/partials/rightSidebar.ejs
+++ b/src/server/views/partials/rightSidebar.ejs
@@ -5,7 +5,7 @@
      <h3 class="text-sm font-semibold text-slate-200">Apoya el proyecto</h3>
    </div>
    <div class="p-2 bg-slate-900">
-      <iframe id="kofiframe" src="https://ko-fi.com/shnimlz/?hidefeed=true&widget=true&embed=true&preview=true"
+      <iframe class="rounded-2xl"  id="kofiframe" src="https://ko-fi.com/shnimlz/?hidefeed=true&widget=true&embed=true&preview=true"
              style="border:none;width:100%;padding:4px;background:#0b1020;"
              height="712" title="shnimlz"></iframe>
    </div>