versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 08:28:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix wrong CSP causing issues for HTTPS

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-04-07 01:51:41 -10:00
parent 4343a114a8
commit e20454bf58
No known key found for this signature in database
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
utils/response.ts
View file

@ -18,6 +18,9 @@ export const jsonResponse = (
"Access-Control-Allow-Origin": "*",
"Access-Control-Expose-Headers":
"Link,X-RateLimit-Reset,X-RateLimit-Limit,X-RateLimit-Remaining,X-Request-Id,Idempotency-Key",
// CSP should follow Content Security Policy directive: "connect-src 'self' blob: https: wss:".
"Content-Security-Policy":
"default-src 'self'; connect-src 'self' blob: https: wss:; frame-ancestors 'none';",
...headers,
},
status,