mirror of
https://github.com/bitwarden/browser.git
synced 2024-11-25 12:15:18 +01:00
add csp and only pass hostname to duo init (#3972)
* add csp and only pass hostname to duo init * expand style-src * Update apps/web/src/connectors/duo.html Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
This commit is contained in:
parent
6dc846081a
commit
839d89e0b4
@ -6,6 +6,10 @@
|
|||||||
name="viewport"
|
name="viewport"
|
||||||
content="initial-scale=1, maximum-scale=1, user-scalable=no, width=device-width"
|
content="initial-scale=1, maximum-scale=1, user-scalable=no, width=device-width"
|
||||||
/>
|
/>
|
||||||
|
<meta
|
||||||
|
http-equiv="Content-Security-Policy"
|
||||||
|
content="default-src 'self'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com;"
|
||||||
|
/>
|
||||||
<title>Bitwarden Duo Connector</title>
|
<title>Bitwarden Duo Connector</title>
|
||||||
</head>
|
</head>
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ document.addEventListener("DOMContentLoaded", () => {
|
|||||||
|
|
||||||
DuoWebSDK.init({
|
DuoWebSDK.init({
|
||||||
iframe: "duo_iframe",
|
iframe: "duo_iframe",
|
||||||
host: hostParam,
|
host: hostUrl.hostname,
|
||||||
sig_request: requestParam,
|
sig_request: requestParam,
|
||||||
submit_callback: (form: any) => {
|
submit_callback: (form: any) => {
|
||||||
invokeCSCode(form.elements.sig_response.value);
|
invokeCSCode(form.elements.sig_response.value);
|
||||||
|
Loading…
Reference in New Issue
Block a user