Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-25 12:15:18 +01:00
Code Issues Projects Releases Wiki Activity

add csp and only pass hostname to duo init (#3972)

Browse Source 
* add csp and only pass hostname to duo init

* expand style-src

* Update apps/web/src/connectors/duo.html

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
This commit is contained in:
Kyle Spearrin 2022-11-04 10:26:30 -04:00 committed by GitHub
parent 6dc846081a
commit 839d89e0b4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/web/src/connectors/duo.html
View File

@ -6,6 +6,10 @@
name="viewport"
content="initial-scale=1, maximum-scale=1, user-scalable=no, width=device-width"
/>
<meta
http-equiv="Content-Security-Policy"
content="default-src 'self'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com;"
/>
<title>Bitwarden Duo Connector</title>
</head>

2
apps/web/src/connectors/duo.ts
View File

@ -23,7 +23,7 @@ document.addEventListener("DOMContentLoaded", () => {
DuoWebSDK.init({
iframe: "duo_iframe",
host: hostParam,
host: hostUrl.hostname,
sig_request: requestParam,
submit_callback: (form: any) => {
invokeCSCode(form.elements.sig_response.value);