From bdd970f9dee1e24d800b61f17bfc8228fe147b29 Mon Sep 17 00:00:00 2001
From: Blake Niemyjski <bniemyjski@gmail.com>
Date: Thu, 13 Aug 2020 07:48:03 -0500
Subject: [PATCH] Security Headers were using url from dns prefetch instead of
 script url https://github.com/exceptionless/Exceptionless.UI/issues/195

---
 Dockerfile                       |  2 +-
 README.md                        |  2 +-
 k8s/ex-dev-values.yaml           |  2 +-
 k8s/ex-prod-values.yaml          |  2 +-
 src/Exceptionless.Web/Startup.cs | 12 ++++++------
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 63716f9e20..e4dd349208 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-ARG UI_VERSION=ui:2.9.1
+ARG UI_VERSION=ui:2.9.2
 FROM exceptionless/${UI_VERSION} AS ui
 
 FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build
diff --git a/README.md b/README.md
index 8669c2dd29..b5ea6125d0 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ Refer to the [Exceptionless documentation wiki](https://github.com/exceptionless
 ## Hosting Options
 We provide very reasonably priced hosting at [Exceptionless](http://exceptionless.com). By using our hosted service, you are supporting the project and helping it get better! We also provide set up and support services.
 
-Exceptionless can be run locally as simply as `docker run --rm -it -p 5000:80 exceptionless/exceptionless:6.1.1`. This will run a completely self-contained simple instance of Exceptionless. It is only suitable for testing purposes since it will not persist data. For more complete setups, check out the [self hosting documentation](https://github.com/exceptionless/Exceptionless/wiki/Self-Hosting). Also, if you want to support the project while self hosting you can send us a pull request or [donation](https://donorbox.org/exceptionless?recurring=true).
+Exceptionless can be run locally as simply as `docker run --rm -it -p 5000:80 exceptionless/exceptionless:6.1.3`. This will run a completely self-contained simple instance of Exceptionless. It is only suitable for testing purposes since it will not persist data. For more complete setups, check out the [self hosting documentation](https://github.com/exceptionless/Exceptionless/wiki/Self-Hosting). Also, if you want to support the project while self hosting you can send us a pull request or [donation](https://donorbox.org/exceptionless?recurring=true).
 
 ## Contributing
 _In appreciation for anyone who submits a non-trivial pull request, we will give you a free [Exceptionless](http://exceptionless.com) paid plan for a year. After your pull request is accepted, simply send an email to team@exceptionless.io with the name of your organization and we will upgrade you to a paid plan._
diff --git a/k8s/ex-dev-values.yaml b/k8s/ex-dev-values.yaml
index db6f3c882e..740ddbafb7 100644
--- a/k8s/ex-dev-values.yaml
+++ b/k8s/ex-dev-values.yaml
@@ -7,7 +7,7 @@ api:
     - dev-api.exceptionless.io
 app:
   image:
-    tag: "2.9.1"
+    tag: "2.9.2"
   defaultDomain: dev-app.exceptionless.io
   domains:
     - dev-app.exceptionless.io
diff --git a/k8s/ex-prod-values.yaml b/k8s/ex-prod-values.yaml
index 8b3268cd88..f2eb14b029 100644
--- a/k8s/ex-prod-values.yaml
+++ b/k8s/ex-prod-values.yaml
@@ -7,7 +7,7 @@ api:
 app:
   replicaCount: 2
   image:
-    tag: "2.9.1"
+    tag: "2.9.2"
   defaultDomain: be.exceptionless.io
   domains:
     - be.exceptionless.io
diff --git a/src/Exceptionless.Web/Startup.cs b/src/Exceptionless.Web/Startup.cs
index 3187d730ed..838a8c542b 100644
--- a/src/Exceptionless.Web/Startup.cs
+++ b/src/Exceptionless.Web/Startup.cs
@@ -163,8 +163,8 @@ public void Configure(IApplicationBuilder app) {
                 csp.AllowFonts.FromSelf()
                     .From("https://fonts.gstatic.com")
                     .From("http://fonts.gstatic.com")
-                    .From("https://www.jsdelivr.com")
-                    .From("http://www.jsdelivr.com");
+                    .From("https://cdn.jsdelivr.net")
+                    .From("http://cdn.jsdelivr.net");
                 csp.AllowImages.FromSelf()
                     .From("data:")
                     .From("https://q.stripe.com")
@@ -176,14 +176,14 @@ public void Configure(IApplicationBuilder app) {
                     .AllowUnsafeEval()
                     .From("https://js.stripe.com")
                     .From("http://js.stripe.com")
-                    .From("https://www.jsdelivr.com")
-                    .From("http://www.jsdelivr.com");
+                    .From("https://cdn.jsdelivr.net")
+                    .From("http://cdn.jsdelivr.net");
                 csp.AllowStyles.FromSelf()
                     .AllowUnsafeInline()
                     .From("https://fonts.googleapis.com")
                     .From("http://fonts.googleapis.com")
-                    .From("https://www.jsdelivr.com")
-                    .From("http://www.jsdelivr.com");
+                    .From("https://cdn.jsdelivr.net")
+                    .From("http://cdn.jsdelivr.net");
             });
 
             app.Use(async (context, next) => {