fix: allow Cloudflare beacon in CSP

Cloudflare auto-injects Web Analytics at the edge on staging. Add the beacon domain to script-src, its inline config hash, and cloudflareinsights.com to connect-src for the beacon ping.

sha256:c219e25f79e803cb1e55d5ad1c2370caf908c3eb7c4a0f8392240faf92bed091 sha

sha256:c93697b4dd3a98c1ce87756c8a509af52ded2cef727d2e6e9f9f8544447d3779 parent

sha256:755a2e5bb2ef08346b318a241819a7b9f070e43bfe8363df4f5b9a4fd1e72fbf snapshot

← Older Oldest on task/csp-cloudflare-beacon

All commits

Newer → Latest on task/csp-cloudflare-beacon

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:c219e25f79e803cb1e55d5ad1c2370caf908c3eb7c4a0f8392240faf92bed091 --body "your comment"

Provenance signed

gabriel

Bump BREAKING

Breaking

musehub/main.py::SecurityHeadersMiddleware

Signature Cryptographically verified

Snapshot

ID sha256:755a2e5bb2ef08346b318a241819a7b9f070e43bfe8363df4f5b9a4fd1e72fbf

Files 0

Browse tree at this commit →

Commit

SHA sha256:c219e25f79e803cb1e55d5ad1c2370caf908c3eb7c4a0f8392240faf92bed091

Parent

sha256:c93697b4dd3a98c1ce87756c8a509af52ded2cef727d2e6e9f9f8544447d3779

Branch task/csp-cloudflare-beacon