teppeis/csp-github.txt

## csp-github.txt
Content-Security-Policy:
  default-src 'none';
  base-uri 'self';
  block-all-mixed-content;
  child-src render.githubusercontent.com;
  connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com wss://live.github.com;
  font-src assets-cdn.github.com;
  form-action 'self' github.com gist.github.com;
  frame-ancestors 'none';
  img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com;
  media-src 'none';
  script-src assets-cdn.github.com;
  style-src 'unsafe-inline' assets-cdn.github.com
	Content-Security-Policy:
	default-src 'none';
	base-uri 'self';
	block-all-mixed-content;
	child-src render.githubusercontent.com;
	connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com wss://live.github.com;
	font-src assets-cdn.github.com;
	form-action 'self' github.com gist.github.com;
	frame-ancestors 'none';
	img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com;
	media-src 'none';
	script-src assets-cdn.github.com;
	style-src 'unsafe-inline' assets-cdn.github.com