From 3dd4f2cc2176028aadadf34ed5d5b3c6a3b8cb59 Mon Sep 17 00:00:00 2001
From: Julien Oculi
Date: Tue, 9 Jul 2024 14:19:15 +0200
Subject: [PATCH] fix(csp): :bug: use `https` src rule even behind a proxy
---
 src/csp/middleware.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/csp/middleware.ts b/src/csp/middleware.ts
index e5d39ee..cb8b02b 100644
--- a/src/csp/middleware.ts
+++ b/src/csp/middleware.ts
@@ -15,7 +15,7 @@ export function useCsp(
 frameAncestors: ["'none'"],
 upgradeInsecureRequests: true,
 styleSrc: [...trustedDomains, "'unsafe-inline'"], //set nonce to inline script
- manifestSrc: [`${ctx.url.origin}/manifest.json`],
+ manifestSrc: [`${ctx.url.origin.replace('http:', 'https:')}/manifest.json`],
 baseUri: ["'none'"],
 imgSrc: [
 ...trustedDomains,
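Review bot: The added `.replace('http:', 'https:')` on `manifestSrc` rewrites the scheme unconditionally, so the policy now assumes every deployment is reached over TLS, and it still builds the source from `ctx.url.origin`, which presumably reflects the request's Host header as seen behind the proxy. Because the manifest is same-origin, `manifestSrc: ["'self'"],` would match whatever origin the browser actually loaded the page from, with no string rewriting and no dependence on request-derived values; the trade-off is that it no longer pins the path to `/manifest.json`. If the path pin is wanted, I would at least anchor the rewrite (`.replace(/^http:/, 'https:')`) and add a comment such as `// TLS is terminated at the proxy, so ctx.url is http: while the browser sees https:`. The body of `useCsp` starts and ends outside this hunk, so whether `ctx.url` is already proxy-aware cannot be confirmed here.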