From 159492fcbeef53780529d9c568ada27504d3af42 Mon Sep 17 00:00:00 2001 From: Daryna Pastushenko Date: Mon, 9 Feb 2026 06:16:03 +0200 Subject: [PATCH 1/3] fix: csp errors --- redocly.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/redocly.yaml b/redocly.yaml index ac7a32ea..8e4e5d3a 100644 --- a/redocly.yaml +++ b/redocly.yaml @@ -212,13 +212,14 @@ responseHeaders: 'sha256-2VNfiq6Um2ua9MLfzend4JESqZeD1VSgkWvUrPvrlZE=' 'sha256-6Z9XwT1XsndpCDjoLgO3W3g2Dptc9WedO+nSCr9k3no=' 'sha256-+Ozb/ItuZAdaQgJd2RebN2rKWj1XkBuXVaV6/lT4Juo=' - 'sha256-9qgU5FDrauEgF+e1iJWvsh46OwsIkNOLjkXggr/02jk='; + 'sha256-9qgU5FDrauEgF+e1iJWvsh46OwsIkNOLjkXggr/02jk=' + 'sha256-v7ddZtWCUr5oF3kgrlEot4fG861CKDXUt0aTaNaIk6Q='; object-src 'none'; base-uri 'self'; connect-src 'self' https://webhook.frontapp.com - https://j.clarity.ms + https://j.clarity.ms/* https://api.github.com https://api.rebilly.com https://forms.hsforms.com @@ -226,7 +227,9 @@ responseHeaders: https://*.google-analytics.com https://hubspot-forms-static-embed.s3.amazonaws.com https://v.clarity.ms/collect - https://cdn.jsdelivr.net; + https://cdn.jsdelivr.net + https://forms-na2.hscollectedforms.net/* + https://forms-na2.hsforms.com/*; form-action 'self' https://forms.hsforms.com From 74a6f3fdb9b40e989b2ff3a47570ac43fcf25b33 Mon Sep 17 00:00:00 2001 From: Daryna Pastushenko Date: Mon, 9 Feb 2026 06:38:01 +0200 Subject: [PATCH 2/3] fix: update links --- redocly.yaml | 45 +++++++++++++++++++++++---------------------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/redocly.yaml b/redocly.yaml index 8e4e5d3a..bf184a00 100644 --- a/redocly.yaml +++ b/redocly.yaml @@ -228,8 +228,8 @@ responseHeaders: https://hubspot-forms-static-embed.s3.amazonaws.com https://v.clarity.ms/collect https://cdn.jsdelivr.net - https://forms-na2.hscollectedforms.net/* - https://forms-na2.hsforms.com/*; + https://forms-na2.hscollectedforms.net + https://forms-na2.hsforms.com; form-action 'self' https://forms.hsforms.com @@ -246,6 +246,7 @@ responseHeaders: 'self' https://www.google.com https://www.youtube.com + https://forms-na2.hsforms.com/ https://demo.arcade.software; child-src 'self' @@ -259,26 +260,26 @@ responseHeaders: - name: X-Frame-Options value: SAMEORIGIN - # Editor page requires 'unsafe-eval' for OpenAPI validation (AJV schema compilation) - '/editor': - - name: Content-Security-Policy - value: " - script-src - 'self' - 'unsafe-eval' - https://cdn.jsdelivr.net - https://www.googletagmanager.com - 'sha256-M28mypAFwwpIwIF9e1/A6867PQiwVvOrdqFSTFSa8/U=' - 'sha256-Tq4uREmlYInMCBRtudvmIOCc+VdyPNg3t18I9xtvdgs=' - 'sha256-vHWNkFcRXsOiOWmmubySLtLeZ3xAubNJpC7UdmQgSQU=' - 'sha256-Ed6Lei7deBSXT1iYYw0V36YZXaA4v7OsRknNjmNl/9c='; - object-src 'none'; - base-uri 'self'; - connect-src 'self' https://cdn.jsdelivr.net; - style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; - worker-src 'self' blob:; - child-src 'self' blob:; - img-src 'self' data: https: blob:;" + # # Editor page requires 'unsafe-eval' for OpenAPI validation (AJV schema compilation) + # '/editor': + # - name: Content-Security-Policy + # value: " + # script-src + # 'self' + # 'unsafe-eval' + # https://cdn.jsdelivr.net + # https://www.googletagmanager.com + # 'sha256-M28mypAFwwpIwIF9e1/A6867PQiwVvOrdqFSTFSa8/U=' + # 'sha256-Tq4uREmlYInMCBRtudvmIOCc+VdyPNg3t18I9xtvdgs=' + # 'sha256-vHWNkFcRXsOiOWmmubySLtLeZ3xAubNJpC7UdmQgSQU=' + # 'sha256-Ed6Lei7deBSXT1iYYw0V36YZXaA4v7OsRknNjmNl/9c='; + # object-src 'none'; + # base-uri 'self'; + # connect-src 'self' https://cdn.jsdelivr.net; + # style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; + # worker-src 'self' blob:; + # child-src 'self' blob:; + # img-src 'self' data: https: blob:;" metadataGlobs: 'blog/**': From df0af75bd03e8a649d7ccdb6feecf5cc2c5d45bd Mon Sep 17 00:00:00 2001 From: Daryna Pastushenko Date: Mon, 9 Feb 2026 06:38:28 +0200 Subject: [PATCH 3/3] fix: remove comments --- redocly.yaml | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/redocly.yaml b/redocly.yaml index bf184a00..5fbb9f33 100644 --- a/redocly.yaml +++ b/redocly.yaml @@ -260,26 +260,26 @@ responseHeaders: - name: X-Frame-Options value: SAMEORIGIN - # # Editor page requires 'unsafe-eval' for OpenAPI validation (AJV schema compilation) - # '/editor': - # - name: Content-Security-Policy - # value: " - # script-src - # 'self' - # 'unsafe-eval' - # https://cdn.jsdelivr.net - # https://www.googletagmanager.com - # 'sha256-M28mypAFwwpIwIF9e1/A6867PQiwVvOrdqFSTFSa8/U=' - # 'sha256-Tq4uREmlYInMCBRtudvmIOCc+VdyPNg3t18I9xtvdgs=' - # 'sha256-vHWNkFcRXsOiOWmmubySLtLeZ3xAubNJpC7UdmQgSQU=' - # 'sha256-Ed6Lei7deBSXT1iYYw0V36YZXaA4v7OsRknNjmNl/9c='; - # object-src 'none'; - # base-uri 'self'; - # connect-src 'self' https://cdn.jsdelivr.net; - # style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; - # worker-src 'self' blob:; - # child-src 'self' blob:; - # img-src 'self' data: https: blob:;" + # Editor page requires 'unsafe-eval' for OpenAPI validation (AJV schema compilation) + '/editor': + - name: Content-Security-Policy + value: " + script-src + 'self' + 'unsafe-eval' + https://cdn.jsdelivr.net + https://www.googletagmanager.com + 'sha256-M28mypAFwwpIwIF9e1/A6867PQiwVvOrdqFSTFSa8/U=' + 'sha256-Tq4uREmlYInMCBRtudvmIOCc+VdyPNg3t18I9xtvdgs=' + 'sha256-vHWNkFcRXsOiOWmmubySLtLeZ3xAubNJpC7UdmQgSQU=' + 'sha256-Ed6Lei7deBSXT1iYYw0V36YZXaA4v7OsRknNjmNl/9c='; + object-src 'none'; + base-uri 'self'; + connect-src 'self' https://cdn.jsdelivr.net; + style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; + worker-src 'self' blob:; + child-src 'self' blob:; + img-src 'self' data: https: blob:;" metadataGlobs: 'blog/**':