From 4d5002e7451c1cbb2905704c150e017ede722b09 Mon Sep 17 00:00:00 2001 From: Joey Perrott Date: Thu, 1 May 2025 19:42:35 +0000 Subject: [PATCH 1/2] docs: update the CSP configuration --- docs/angular.json | 2 +- docs/firebase.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/angular.json b/docs/angular.json index 6b4d03015bfc..c8556ab5ce7c 100644 --- a/docs/angular.json +++ b/docs/angular.json @@ -106,7 +106,7 @@ "options": { "headers": { "--NOTE--": "Keep in sync with `firebase.json`", - "Content-Security-Policy": "upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: *; frame-src https://www.youtube.com; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com; child-src 'self' blob:; connect-src 'self' https://material.angular.io https://material.angular.dev https://*.google-analytics.com https://stats.g.doubleclick.net https://api.github.com https://www.googletagmanager.com;" + "Content-Security-Policy": "upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: *; frame-src https://www.youtube.com; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com; child-src 'self' blob:; connect-src 'self' https://material.angular.io https://*.angular.dev https://*.google-analytics.com https://stats.g.doubleclick.net https://api.github.com https://www.googletagmanager.com;" }, "buildTarget": "material-angular-io:build" }, diff --git a/docs/firebase.json b/docs/firebase.json index 0da3038f7be3..e7fce0572560 100644 --- a/docs/firebase.json +++ b/docs/firebase.json @@ -45,7 +45,7 @@ { "key": "Content-Security-Policy", // Keep in sync with `angular.json`. - "value": "upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: *; frame-src https://www.youtube.com; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com; child-src 'self' blob:; connect-src 'self' https://material.angular.dev https://material.angular.io https://*.google-analytics.com https://stats.g.doubleclick.net https://api.github.com https://www.googletagmanager.com;" + "value": "upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: *; frame-src https://www.youtube.com; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com; child-src 'self' blob:; connect-src 'self' https://*.angular.dev https://material.angular.io https://*.google-analytics.com https://stats.g.doubleclick.net https://api.github.com https://www.googletagmanager.com;" } ] }, From 949750a76e61108738e7d7919f08b3a52471e817 Mon Sep 17 00:00:00 2001 From: Joey Perrott Date: Thu, 1 May 2025 19:43:06 +0000 Subject: [PATCH 2/2] ci: use the browser directory of the generated documentation app for previews --- .github/workflows/docs-preview-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docs-preview-build.yml b/.github/workflows/docs-preview-build.yml index 24064070160d..0600165b5b6c 100644 --- a/.github/workflows/docs-preview-build.yml +++ b/.github/workflows/docs-preview-build.yml @@ -35,4 +35,4 @@ jobs: workflow-artifact-name: 'docs-preview' pull-number: '${{github.event.pull_request.number}}' artifact-build-revision: '${{github.event.pull_request.head.sha}}' - deploy-directory: './dist/bin/docs/dist' + deploy-directory: './dist/bin/docs/dist/browser'