[SM-247] Fix csp rules not working for local dev (#3588)

2024-06-28 10:55:27 +02:00 · 2022-09-29 15:24:04 +02:00 · 2022-09-29 15:24:04 +02:00 · 5915ef7ed9
commit 5915ef7ed9
parent c7f85504c5
1 changed files with 61 additions and 62 deletions
--- a/apps/web/webpack.config.js
+++ b/apps/web/webpack.config.js
@ -218,25 +218,23 @@ const devServer =
        },
        headers: (req) => {
          if (!req.originalUrl.includes("connector.html")) {
-            return [
-              {
-                key: "Content-Security-Policy",
-                value: `
-                  default-src 'self';
-                  script-src
+            return {
+              "Content-Security-Policy": `
+                default-src 'self'
+                ;script-src
                  'self'
                  'sha256-ryoU+5+IUZTuUyTElqkrQGBJXr1brEv6r2CA62WUw8w='
                  https://js.stripe.com
                  https://js.braintreegateway.com
-                    https://www.paypalobjects.com;
-                  style-src
+                  https://www.paypalobjects.com
+                ;style-src
                  'self'
                  https://assets.braintreegateway.com
                  https://*.paypal.com
                  'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
-                    'sha256-JVRXyYPueLWdwGwY9m/7u4QlZ1xeQdqUj2t8OVIzZE4=';
+                  'sha256-JVRXyYPueLWdwGwY9m/7u4QlZ1xeQdqUj2t8OVIzZE4='
                  'sha256-or0p3LaHetJ4FRq+flVORVFFNsOjQGWrDvX8Jf7ACWg='
-                  img-src
+                ;img-src
                  'self'
                  data:
                  https://icons.bitwarden.net
@ -244,20 +242,20 @@ const devServer =
                  https://www.paypalobjects.com
                  https://q.stripe.com
                  https://haveibeenpwned.com
-                      https://www.gravatar.com;
-                  child-src
+                  https://www.gravatar.com
+                ;child-src
                  'self'
                  https://js.stripe.com
                  https://assets.braintreegateway.com
                  https://*.paypal.com
-                    https://*.duosecurity.com;
-                  frame-src
+                  https://*.duosecurity.com
+                ;frame-src
                  'self'
                  https://js.stripe.com
                  https://assets.braintreegateway.com
                  https://*.paypal.com
-                    https://*.duosecurity.com;
-                  connect-src
+                  https://*.duosecurity.com
+                ;connect-src
                  'self'
                  wss://notifications.bitwarden.com
                  https://notifications.bitwarden.com
@ -274,12 +272,13 @@ const devServer =
                  https://quack.duckduckgo.com/api/email/addresses
                  https://app.anonaddy.com/api/v1/aliases
                  https://api.fastmail.com
-                    https://quack.duckduckgo.com/api/email/addresses;
-                  object-src
+                ;object-src
                  'self'
-                    blob:;`,
-              },
-            ];
+                  blob:
+                ;`
+                .replace(/\n/g, " ")
+                .replace(/ +(?= )/g, ""),
+            };
          }
        },
        hot: false,