Commit 437d17a8 authored by Leon's avatar Leon 😶

🔒 CSP: laxist mode

parent 307cf214
......@@ -62,16 +62,19 @@ export function initFrontend(): number {
const cspMiddleware = csp({
// Specify directives as normal.
directives: {
defaultSrc: ['\'self\''],
defaultSrc: ['\'self\'', 'data:'],
scriptSrc: ['\'self\'', '\'unsafe-inline\'', '\'unsafe-eval\''],
styleSrc: ['\'self\'', '\'unsafe-inline\''],
imgSrc: ['\'self\'', 'data:'],
connectSrc: ['\'self\'', 'https:'],
sandbox: ['allow-forms', 'allow-scripts', 'allow-same-origin', 'allow-modals'],
reportUri: process.env.SENTRY_CSP || sentryCSP,
upgradeInsecureRequests: false,
workerSrc: false // This is not set.
},
reportOnly: true,
disableAndroid: true
});
app.use(cors());
app.use(passport.initialize());
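Review bot: Putting `'data:'` into `defaultSrc` widens every fetch directive this object leaves unset (object-src, frame-src, font-src, media-src and so on), not only the resource type that needed it. The +/- markers are lost on this page, so this assumes the second `defaultSrc` line is the new side. `imgSrc` already allows `data:`, so if the need is something like embedded fonts, keep `defaultSrc: ['\'self\'']` and add a narrow directive such as `fontSrc: ['\'self\'', 'data:']`, ideally with `objectSrc: ['\'none\'']` so plugins never inherit the fallback. Since `reportOnly: true` in the same object means the policy is reported but not enforced, a short comment such as `// report-only for now: violations go to reportUri, nothing is blocked` would stop readers from treating it as active protection. The body of initFrontend starts and ends outside the hunk.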