mirror of
https://github.com/bitwarden/browser.git
[SM-247] Fix csp rules not working for local dev (#3588)
parent
c7f85504c5
commit
5915ef7ed9
@ -218,68 +218,67 @@ const devServer =
|
||||
},
|
||||
headers: (req) => {
|
||||
if (!req.originalUrl.includes("connector.html")) {
|
||||
return [
|
||||
{
|
||||
key: "Content-Security-Policy",
|
||||
value: `
|
||||
default-src 'self';
|
||||
script-src
|
||||
'self'
|
||||
'sha256-ryoU+5+IUZTuUyTElqkrQGBJXr1brEv6r2CA62WUw8w='
|
||||
https://js.stripe.com
|
||||
https://js.braintreegateway.com
|
||||
https://www.paypalobjects.com;
|
||||
style-src
|
||||
'self'
|
||||
https://assets.braintreegateway.com
|
||||
https://*.paypal.com
|
||||
'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
|
||||
'sha256-JVRXyYPueLWdwGwY9m/7u4QlZ1xeQdqUj2t8OVIzZE4=';
|
||||
'sha256-or0p3LaHetJ4FRq+flVORVFFNsOjQGWrDvX8Jf7ACWg='
|
||||
img-src
|
||||
'self'
|
||||
data:
|
||||
https://icons.bitwarden.net
|
||||
https://*.paypal.com
|
||||
https://www.paypalobjects.com
|
||||
https://q.stripe.com
|
||||
https://haveibeenpwned.com
|
||||
https://www.gravatar.com;
|
||||
child-src
|
||||
'self'
|
||||
https://js.stripe.com
|
||||
https://assets.braintreegateway.com
|
||||
https://*.paypal.com
|
||||
https://*.duosecurity.com;
|
||||
frame-src
|
||||
'self'
|
||||
https://js.stripe.com
|
||||
https://assets.braintreegateway.com
|
||||
https://*.paypal.com
|
||||
https://*.duosecurity.com;
|
||||
connect-src
|
||||
'self'
|
||||
wss://notifications.bitwarden.com
|
||||
https://notifications.bitwarden.com
|
||||
https://cdn.bitwarden.net
|
||||
https://api.pwnedpasswords.com
|
||||
https://2fa.directory/api/v3/totp.json
|
||||
https://api.stripe.com
|
||||
https://www.paypal.com
|
||||
https://api.braintreegateway.com
|
||||
https://client-analytics.braintreegateway.com
|
||||
https://*.braintree-api.com
|
||||
https://*.blob.core.windows.net
|
||||
https://app.simplelogin.io/api/alias/random/new
|
||||
https://quack.duckduckgo.com/api/email/addresses
|
||||
https://app.anonaddy.com/api/v1/aliases
|
||||
https://api.fastmail.com
|
||||
https://quack.duckduckgo.com/api/email/addresses;
|
||||
object-src
|
||||
'self'
|
||||
blob:;`,
|
||||
},
|
||||
];
|
||||
return {
|
||||
"Content-Security-Policy": `
|
||||
default-src 'self'
|
||||
;script-src
|
||||
'self'
|
||||
'sha256-ryoU+5+IUZTuUyTElqkrQGBJXr1brEv6r2CA62WUw8w='
|
||||
https://js.stripe.com
|
||||
https://js.braintreegateway.com
|
||||
https://www.paypalobjects.com
|
||||
;style-src
|
||||
'self'
|
||||
https://assets.braintreegateway.com
|
||||
https://*.paypal.com
|
||||
'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
|
||||
'sha256-JVRXyYPueLWdwGwY9m/7u4QlZ1xeQdqUj2t8OVIzZE4='
|
||||
'sha256-or0p3LaHetJ4FRq+flVORVFFNsOjQGWrDvX8Jf7ACWg='
|
||||
;img-src
|
||||
'self'
|
||||
data:
|
||||
https://icons.bitwarden.net
|
||||
https://*.paypal.com
|
||||
https://www.paypalobjects.com
|
||||
https://q.stripe.com
|
||||
https://haveibeenpwned.com
|
||||
https://www.gravatar.com
|
||||
;child-src
|
||||
'self'
|
||||
https://js.stripe.com
|
||||
https://assets.braintreegateway.com
|
||||
https://*.paypal.com
|
||||
https://*.duosecurity.com
|
||||
;frame-src
|
||||
'self'
|
||||
https://js.stripe.com
|
||||
https://assets.braintreegateway.com
|
||||
https://*.paypal.com
|
||||
https://*.duosecurity.com
|
||||
;connect-src
|
||||
'self'
|
||||
wss://notifications.bitwarden.com
|
||||
https://notifications.bitwarden.com
|
||||
https://cdn.bitwarden.net
|
||||
https://api.pwnedpasswords.com
|
||||
https://2fa.directory/api/v3/totp.json
|
||||
https://api.stripe.com
|
||||
https://www.paypal.com
|
||||
https://api.braintreegateway.com
|
||||
https://client-analytics.braintreegateway.com
|
||||
https://*.braintree-api.com
|
||||
https://*.blob.core.windows.net
|
||||
https://app.simplelogin.io/api/alias/random/new
|
||||
https://quack.duckduckgo.com/api/email/addresses
|
||||
https://app.anonaddy.com/api/v1/aliases
|
||||
https://api.fastmail.com
|
||||
;object-src
|
||||
'self'
|
||||
blob:
|
||||
;`
|
||||
.replace(/\n/g, " ")
|
||||
.replace(/ +(?= )/g, ""),
|
||||
};
|
||||
}
|
||||
},
|
||||
hot: false,
|
||||
|
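Review bot: The new `return { "Content-Security-Policy": … }` is still gated by `!req.originalUrl.includes("connector.html")`, a substring test over the whole request URL, query string included. Any dev-server request whose URL merely contains that text therefore gets no policy at all, and CSP regressions on those responses go unnoticed locally. Assuming `req` is the Express request object, matching the path instead, e.g. `if (!req.path.endsWith("connector.html")) {`, would limit the exemption to the connector pages themselves. A short comment above the condition saying why connector pages are exempt would help, as would one above the template literal noting that the list must be kept in step with the policy the deployed app is served with (presumably defined outside this file). The stray `;` inside the old side's `style-src` shows how easily a hand-copied list drifts. The `devServer` object starts and ends outside the hunk.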