versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 16:38:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(frontend): 🐛 Add unsafe-inline to CSP for frontend

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-05-02 14:05:14 -10:00
parent 74b9083551
commit a339b7fa94
No known key found for this signature in database
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
utils/response.ts
View file

@ -32,7 +32,7 @@ export const clientResponse = (
) => { ) => {
return response(data, status, { return response(data, status, {
"Content-Security-Policy": "Content-Security-Policy":
"default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src *; font-src 'self'; connect-src 'self'; media-src *; object-src 'none'; prefetch-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'", "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src *; font-src 'self'; connect-src 'self'; media-src *; object-src 'none'; prefetch-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'",
"Access-Control-Allow-Origin": "null", "Access-Control-Allow-Origin": "null",
...headers, ...headers,
}); });