Improve Content-Security-Policy (#25210)
parent
59b6285458
commit
afab95288e
|
@ -26,7 +26,7 @@
|
||||||
<meta http-equiv="Content-Security-Policy" content="
|
<meta http-equiv="Content-Security-Policy" content="
|
||||||
default-src 'none';
|
default-src 'none';
|
||||||
style-src 'self' 'unsafe-inline' <%= csp_extra_source %>;
|
style-src 'self' 'unsafe-inline' <%= csp_extra_source %>;
|
||||||
script-src 'self' 'unsafe-eval' https://www.recaptcha.net https://www.gstatic.com <%= csp_extra_source %>;
|
script-src 'self' 'wasm-unsafe-eval' https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ <%= csp_extra_source %>;
|
||||||
img-src * blob: data:;
|
img-src * blob: data:;
|
||||||
connect-src *;
|
connect-src *;
|
||||||
font-src 'self' data: <%= csp_extra_source %>;
|
font-src 'self' data: <%= csp_extra_source %>;
|
||||||
|
|
|
@ -99,8 +99,8 @@ module.exports = (env, argv) => {
|
||||||
|
|
||||||
const development = {};
|
const development = {};
|
||||||
if (devMode) {
|
if (devMode) {
|
||||||
// High quality, embedded source maps for dev builds
|
// Embedded source maps for dev builds, can't use eval-source-map due to CSP
|
||||||
development["devtool"] = "eval-source-map";
|
development["devtool"] = "inline-source-map";
|
||||||
} else {
|
} else {
|
||||||
if (process.env.CI_PACKAGE) {
|
if (process.env.CI_PACKAGE) {
|
||||||
// High quality source maps in separate .map files which include the source. This doesn't bulk up the .js
|
// High quality source maps in separate .map files which include the source. This doesn't bulk up the .js
|
||||||
|
|
Loading…
Reference in New Issue