From 20b68d06de49ac7470865e51e95cb059e2248eb7 Mon Sep 17 00:00:00 2001
From: Hayden Blauzvern
Date: Fri, 3 Nov 2023 20:53:13 +0000
Subject: [PATCH 1/2] Embed status of public good instance Small wording changes for deployment page too.
Signed-off-by: Hayden Blauzvern
---
 content/en/system_config/public_deployment.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/content/en/system_config/public_deployment.md b/content/en/system_config/public_deployment.md
index f084cd39..4a062ea0 100644
--- a/content/en/system_config/public_deployment.md
+++ b/content/en/system_config/public_deployment.md
@@ -5,7 +5,13 @@ title: Public Deployment weight: 960 --- -There is a public staging environment, or deployment, that is running Fulcio, Rekor and OIDC issuer. +## Public-Good Instance + + + +## Staging Instance + +There is a public staging environment with staging versions of Fulcio, Rekor and an OIDC issuer, with its own roots of trust. **NOTE** The staging environment provides neither SLO guarantees nor the same protection of the root key material for TUF. This environment is meant for development and testing only. It is not appropriate to use for production purposes.
From 9b9ce367a73a96e7def542344dfb7ff56818b3d7 Mon Sep 17 00:00:00 2001
From: Hayden Blauzvern
Date: Fri, 3 Nov 2023 20:57:46 +0000
Subject: [PATCH 2/2] Update CSP header for status page
Signed-off-by: Hayden Blauzvern
---
 layouts/index.headers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layouts/index.headers b/layouts/index.headers
index 5f6b4eb0..35efd12e 100644
--- a/layouts/index.headers
+++ b/layouts/index.headers
@@ -2,7 +2,7 @@
 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
 X-Content-Type-Options: nosniff
 X-XSS-Protection: 1; mode=block
- Content-Security-Policy: default-src 'self'; frame-ancestors https://jamstackthemes.dev; manifest-src 'self' https://*.netlify.app; connect-src 'self' https://*.netlify.app; font-src 'self' https://*.netlify.app; img-src 'self' https://*.netlify.app data: https://i.giphy.com; script-src 'self' https://*.netlify.app 'sha512-RGGByJUOP98hE4wFZM78RM/3MijWJs0Tm0DbfrFhCDCXKXfDx60fii+syp5iMs3UcNX/1H4zJNgmqSejfhHrYw==' 'sha512-RBYr6Ld4w1yVqaACrgrBLQfPgGhj/1jyacA74WxJ1KM6KVcSWymwrdDwb3HDcdpwiNJ5yssot1He0U9vXoQVlg==' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk=' 'sha256-vOgyKS2vkH4n5TxBJpeh9SgzrE6LVGsAeOAvEST6oCc='; style-src 'self' https://*.netlify.app 'unsafe-inline'
+ Content-Security-Policy: default-src 'self'; frame-src https://status.sigstore.dev; frame-ancestors https://jamstackthemes.dev; manifest-src 'self' https://*.netlify.app; connect-src 'self' https://*.netlify.app; font-src 'self' https://*.netlify.app; img-src 'self' https://*.netlify.app data: https://i.giphy.com; script-src 'self' https://*.netlify.app 'sha512-RGGByJUOP98hE4wFZM78RM/3MijWJs0Tm0DbfrFhCDCXKXfDx60fii+syp5iMs3UcNX/1H4zJNgmqSejfhHrYw==' 'sha512-RBYr6Ld4w1yVqaACrgrBLQfPgGhj/1jyacA74WxJ1KM6KVcSWymwrdDwb3HDcdpwiNJ5yssot1He0U9vXoQVlg==' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk=' 'sha256-vOgyKS2vkH4n5TxBJpeh9SgzrE6LVGsAeOAvEST6oCc='; style-src 'self' https://*.netlify.app 'unsafe-inline'
 X-Frame-Options: SAMEORIGIN
 Referrer-Policy: strict-origin
 Permissions-Policy: geolocation=(self), microphone=(), camera=()
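Review bot: The added `frame-src https://status.sigstore.dev` in the Content-Security-Policy line restricts where frames may load from but says nothing about what the framed page may do once loaded. The embedding markup from patch 1/2 is not visible in this view; if it is a plain iframe, I would add a `sandbox` attribute carrying only the tokens the status widget needs, so that a compromise of the status host cannot navigate the top-level window or open pop-ups from the docs page. The path rule this header block belongs to starts outside the hunk; if it matches the whole site, the allowance could be narrowed to the deployment page alone. It is also worth confirming that the status host's own `frame-ancestors` or `X-Frame-Options` permits embedding from the docs origin, otherwise the frame renders empty.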