fix(csp): 🐛 use https
src rule even behind a proxy
This commit is contained in:
parent
494c6b3a9f
commit
3dd4f2cc21
|
@ -15,7 +15,7 @@ export function useCsp(
|
||||||
frameAncestors: ["'none'"],
|
frameAncestors: ["'none'"],
|
||||||
upgradeInsecureRequests: true,
|
upgradeInsecureRequests: true,
|
||||||
styleSrc: [...trustedDomains, "'unsafe-inline'"], //set nonce to inline script
|
styleSrc: [...trustedDomains, "'unsafe-inline'"], //set nonce to inline script
|
||||||
manifestSrc: [`${ctx.url.origin}/manifest.json`],
|
manifestSrc: [`${ctx.url.origin.replace('http:', 'https:')}/manifest.json`],
|
||||||
baseUri: ["'none'"],
|
baseUri: ["'none'"],
|
||||||
imgSrc: [
|
imgSrc: [
|
||||||
...trustedDomains,
|
...trustedDomains,
|
||||||
|
|
Loading…
Reference in a new issue