mirror of
https://github.com/misskey-dev/misskey.git
synced 2024-12-13 23:20:50 +01:00
Add worker-src
This commit is contained in:
parent
c0d0c9ada2
commit
c3659a4ca2
1 changed files with 1 additions and 0 deletions
|
@ -183,6 +183,7 @@ export class ClientServerService {
|
||||||
const csp = this.config.contentSecurityPolicy
|
const csp = this.config.contentSecurityPolicy
|
||||||
?? 'script-src \'self\' ' +
|
?? 'script-src \'self\' ' +
|
||||||
'https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ {scriptNonce}; ' +
|
'https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ {scriptNonce}; ' +
|
||||||
|
'worker-src blob: \'self\'; ' +
|
||||||
'base-uri \'self\'; object-src \'self\'; report-uri /csp-error';
|
'base-uri \'self\'; object-src \'self\'; report-uri /csp-error';
|
||||||
reply.header('Content-Security-Policy-Report-Only', csp.replace('{scriptNonce}', `'nonce-${scriptNonce}'`));
|
reply.header('Content-Security-Policy-Report-Only', csp.replace('{scriptNonce}', `'nonce-${scriptNonce}'`));
|
||||||
done();
|
done();
|
||||||
|
|
Loading…
Reference in a new issue