cohabit/website
5
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

fix(csp): 🐛 use https src rule even behind a proxy

Browse source
This commit is contained in:
Julien Oculi 2024-07-09 14:19:15 +02:00
parent 494c6b3a9f
commit 3dd4f2cc21
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/csp/middleware.ts
View file

@ -15,7 +15,7 @@ export function useCsp(
frameAncestors: ["'none'"], frameAncestors: ["'none'"],
upgradeInsecureRequests: true, upgradeInsecureRequests: true,
styleSrc: [...trustedDomains, "'unsafe-inline'"], //set nonce to inline script styleSrc: [...trustedDomains, "'unsafe-inline'"], //set nonce to inline script
manifestSrc: [`${ctx.url.origin}/manifest.json`], manifestSrc: [`${ctx.url.origin.replace('http:', 'https:')}/manifest.json`],
baseUri: ["'none'"], baseUri: ["'none'"],
imgSrc: [ imgSrc: [
...trustedDomains, ...trustedDomains,