fix(csp): 🐛 use https
src rule even behind a proxy
This commit is contained in:
parent
494c6b3a9f
commit
3dd4f2cc21
|
@ -15,7 +15,7 @@ export function useCsp(
|
|||
frameAncestors: ["'none'"],
|
||||
upgradeInsecureRequests: true,
|
||||
styleSrc: [...trustedDomains, "'unsafe-inline'"], //set nonce to inline script
|
||||
manifestSrc: [`${ctx.url.origin}/manifest.json`],
|
||||
manifestSrc: [`${ctx.url.origin.replace('http:', 'https:')}/manifest.json`],
|
||||
baseUri: ["'none'"],
|
||||
imgSrc: [
|
||||
...trustedDomains,
|
||||
|
|
Loading…
Reference in a new issue