Security Headers

If your site sends a Content Security Policy (CSP), you need to extend the policy with the following additions.

At minimum, you need to add https://import.comments.sh to connect-src so a client script can post and retrieve comments.

If you use the provided client script, also add https://import.comments.sh to script-src so the client can be imported.

Example

A complete CSP might look something like this:

default-src 'self'; script-src 'self' https://import.comments.sh; connect-src 'self' https://import.comments.sh;
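
If you already have a policy, the additions have to be merged into it rather than pasted alongside. The following is an added example, not code from comments.sh: it merges the origin into an existing policy string and covers two cases the text above does not spell out (a missing connect-src or script-src falls back to default-src, and 'none' cannot be combined with other sources). The function names and the useClientScript option are hypothetical.

```javascript
// Added example: merge the comments.sh origin into an existing CSP string.
const COMMENTS_ORIGIN = "https://import.comments.sh"; // origin named on this page

// Parse "name src1 src2; name2 ..." into an ordered Map of name -> [sources].
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive, so keep only the first occurrence.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Allow `origin` in directive `name` without narrowing what is already allowed.
function allowOrigin(directives, name, origin) {
  let sources = directives.get(name);
  if (sources === undefined) {
    // No explicit directive: the browser falls back to default-src. Copy it,
    // otherwise creating the directive would drop the sources it inherited.
    const fallback = directives.get("default-src");
    if (fallback === undefined) return; // nothing restricts this fetch type
    sources = [...fallback];
  }
  // 'none' must stand alone, so drop it once a real source is added.
  sources = sources.filter((s) => s.toLowerCase() !== "'none'");
  if (!sources.includes(origin)) sources.push(origin);
  directives.set(name, sources);
}

// useClientScript (hypothetical option): set to false if you wrote your own
// client and only need connect-src.
function addCommentsSources(policy, { useClientScript = true } = {}) {
  const directives = parseCsp(policy);
  allowOrigin(directives, "connect-src", COMMENTS_ORIGIN);
  if (useClientScript) allowOrigin(directives, "script-src", COMMENTS_ORIGIN);
  return [...directives].map(([n, s]) => [n, ...s].join(" ")).join("; ") + ";";
}
```

Running it on the complete policy shown above returns that policy unchanged, so it is safe to apply repeatedly.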