|
@@ -17,14 +17,14 @@ module.exports = {
|
|
|
},
|
|
|
|
|
|
CSP_DIRECTIVES: {
|
|
|
- 'default-src': "'self'",
|
|
|
+ 'default-src': "'none'",
|
|
|
'img-src': "'self' blob:",
|
|
|
'media-src': "'self' blob:",
|
|
|
'manifest-src': "'self'",
|
|
|
'style-src': "'self' 'unsafe-inline'",
|
|
|
'font-src ': "'self'; script-src 'self' 'unsafe-eval' blob:",
|
|
|
'connect-src':
|
|
|
- "'self' https://*.ente.io data: blob: https://ente-prod-eu.s3.eu-central-003.backblazeb2.com ",
|
|
|
+ "'self' https://*.ente.io http:localhost:8080 data: blob: https://ente-prod-eu.s3.eu-central-003.backblazeb2.com ",
|
|
|
'base-uri ': "'self'",
|
|
|
'frame-ancestors': " 'none'",
|
|
|
'form-action': "'none'",
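Review bot: The source added to `connect-src`, `http:localhost:8080`, is missing the `//` after the scheme, so it does not match the CSP host-source grammar and browsers will most likely ignore it; it should read `http://localhost:8080`. Because this commit also starts enforcing the policy (second hunk), local API calls would then be blocked rather than only reported. The entry is also unconditional, so production pages would be allowed to connect over plaintext to whatever listens on the visitor's localhost port 8080; consider appending it only in development builds, e.g. `process.env.NODE_ENV === 'development' ? ' http://localhost:8080' : ''`. Separately, the unchanged `'font-src '` entry carries `script-src` inside its value; with `default-src 'none'` now in force, it would be safer to maintain as its own `'script-src'` key.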
|
|
@@ -38,9 +38,10 @@ module.exports = {
|
|
|
ALL_ROUTES: '/(.*)',
|
|
|
|
|
|
buildCSPHeader: (directives) => ({
|
|
|
- 'Content-Security-Policy-Report-Only': Object.entries(
|
|
|
- directives
|
|
|
- ).reduce((acc, [key, value]) => acc + `${key} ${value};`, ''),
|
|
|
+ 'Content-Security-Policy': Object.entries(directives).reduce(
|
|
|
+ (acc, [key, value]) => acc + `${key} ${value};`,
|
|
|
+ ''
|
|
|
+ ),
|
|
|
}),
|
|
|
|
|
|
convertToNextHeaderFormat: (headers) =>
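Review bot: Switching `buildCSPHeader` from `Content-Security-Policy-Report-Only` to the enforcing `Content-Security-Policy` header removes the only signal for violations unless the policy names a reporting endpoint. None is visible among the directives shown in the first hunk, although lines outside the hunks may add one. With `default-src 'none'`, every fetch directive that is not listed (such as `frame-src`) is now blocked outright, so a missed resource type fails for users with nothing recorded server-side. Consider adding a `report-uri` or `report-to` directive, or emitting the Report-Only header alongside the enforced one during rollout.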
|