versia-pub/frontend
2
0
Fork 0
mirror of https://github.com/versia-pub/frontend.git synced 2025-12-06 16:38:20 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: 🔒 Allow all origins in form-action CSP

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-06-11 09:58:18 -10:00
parent e6650b6da4
commit 8f192a40ed
No known key found for this signature in database
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
nuxt.config.ts
View file

@ -36,8 +36,9 @@ export default defineNuxtConfig({
contentSecurityPolicy: { contentSecurityPolicy: {
"img-src": ["'self'", "data:", "https:", "blob:"], "img-src": ["'self'", "data:", "https:", "blob:"],
"script-src": ["'nonce-{{nonce}}'", "'strict-dynamic'"], "script-src": ["'nonce-{{nonce}}'", "'strict-dynamic'"],
// Add https because of some browsers blocking form-action to 'self' if the page is from a redirect // Allow all origins for form-action, so that clients registering custom
"form-action": ["'self'", "https:", "tuba:"], // protocol handlers will work (native clients for example)
"form-action": ["*"],
"media-src": ["'self'", "https:", "blob:"], "media-src": ["'self'", "https:", "blob:"],
}, },
crossOriginResourcePolicy: "cross-origin", crossOriginResourcePolicy: "cross-origin",