1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-29 12:55:21 +01:00

[SM-247] Fix csp rules not working for local dev (#3588)

This commit is contained in:
Oscar Hinton 2022-09-29 15:24:04 +02:00 committed by GitHub
parent c7f85504c5
commit 5915ef7ed9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -218,25 +218,23 @@ const devServer =
},
headers: (req) => {
if (!req.originalUrl.includes("connector.html")) {
return [
{
key: "Content-Security-Policy",
value: `
default-src 'self';
script-src
return {
"Content-Security-Policy": `
default-src 'self'
;script-src
'self'
'sha256-ryoU+5+IUZTuUyTElqkrQGBJXr1brEv6r2CA62WUw8w='
https://js.stripe.com
https://js.braintreegateway.com
https://www.paypalobjects.com;
style-src
https://www.paypalobjects.com
;style-src
'self'
https://assets.braintreegateway.com
https://*.paypal.com
'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
'sha256-JVRXyYPueLWdwGwY9m/7u4QlZ1xeQdqUj2t8OVIzZE4=';
'sha256-JVRXyYPueLWdwGwY9m/7u4QlZ1xeQdqUj2t8OVIzZE4='
'sha256-or0p3LaHetJ4FRq+flVORVFFNsOjQGWrDvX8Jf7ACWg='
img-src
;img-src
'self'
data:
https://icons.bitwarden.net
@ -244,20 +242,20 @@ const devServer =
https://www.paypalobjects.com
https://q.stripe.com
https://haveibeenpwned.com
https://www.gravatar.com;
child-src
https://www.gravatar.com
;child-src
'self'
https://js.stripe.com
https://assets.braintreegateway.com
https://*.paypal.com
https://*.duosecurity.com;
frame-src
https://*.duosecurity.com
;frame-src
'self'
https://js.stripe.com
https://assets.braintreegateway.com
https://*.paypal.com
https://*.duosecurity.com;
connect-src
https://*.duosecurity.com
;connect-src
'self'
wss://notifications.bitwarden.com
https://notifications.bitwarden.com
@ -274,12 +272,13 @@ const devServer =
https://quack.duckduckgo.com/api/email/addresses
https://app.anonaddy.com/api/v1/aliases
https://api.fastmail.com
https://quack.duckduckgo.com/api/email/addresses;
object-src
;object-src
'self'
blob:;`,
},
];
blob:
;`
.replace(/\n/g, " ")
.replace(/ +(?= )/g, ""),
};
}
},
hot: false,