OpenCloud
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix CSP on dev mode

pull/1498/head
Chocobozzz 2018-12-17 09:42:28 +01:00
parent 9aac44236c
commit 8fc58cb580
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
server/middlewares/csp.ts
View File

@ -8,19 +8,18 @@ const baseDirectives = Object.assign({},
mediaSrc: ["'self'", 'https:', 'blob:'],
fontSrc: ["'self'", 'data:'],
imgSrc: ["'self'", 'data:'],
scriptSrc: ["'self' 'unsafe-inline'"],
scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'"],
styleSrc: ["'self' 'unsafe-inline'"],
// objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it
objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it
formAction: ["'self'"],
frameAncestors: ["'none'"],
baseUri: ["'self'"],
pluginTypes: ["'none'"],
manifestSrc: ["'self'"],
frameSrc: ["'self'"], // instead of deprecated child-src / self because of test-embed
workerSrc: ["'self'"], // instead of deprecated child-src
upgradeInsecureRequests: true
workerSrc: ["'self'"] // instead of deprecated child-src
},
(CONFIG.SERVICES['CSP-LOGGER'] != null) ? { reportUri: CONFIG.SERVICES['CSP-LOGGER'] } : {}
CONFIG.SERVICES['CSP-LOGGER'] ? { reportUri: CONFIG.SERVICES['CSP-LOGGER'] } : {},
CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: true } : {}
)
const baseCSP = helmet.contentSecurityPolicy({