api.jquery.com: add CSP exception for flickr for /jQuery.getJSON

Ref jquery/infrastructure-puppet#54 Closes jquerygh-474
timmywil · Dec 15, 2024 · 3d9935c · 3d9935c
1 parent 8905e99
commit 3d9935c
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/themes/api.jquery.com/functions.php b/themes/api.jquery.com/functions.php
@@ -1,8 +1,10 @@
 <?php
 
 // Allow inline scripts and styles in API demos
+// Allow flickr script and images on https://api.jquery.com/jQuery.getJSON/
 add_filter( 'jq_content_security_policy', function ( $policy ) {
-	$policy[ 'script-src' ] = "'self' 'unsafe-inline' code.jquery.com";
+	$policy[ 'script-src' ] = "'self' 'unsafe-inline' code.jquery.com api.flickr.com";
 	$policy[ 'style-src' ] = "'self' 'unsafe-inline' code.jquery.com";
+	$policy[ 'img-src' ] = "'self' data: code.jquery.com live.staticflickr.com";
 	return $policy;
 } );