injection security
This commit is contained in:
parent
4410f01d48
commit
0cfa048d0d
|
|
@ -65,7 +65,7 @@ const isDev = process.env.NODE_ENV === 'development'
|
||||||
const cspDirectives = {
|
const cspDirectives = {
|
||||||
defaultSrc: ["'self'"],
|
defaultSrc: ["'self'"],
|
||||||
scriptSrc: ["'self'", 'https://www.google.com/recaptcha/', 'https://www.gstatic.com/recaptcha/'],
|
scriptSrc: ["'self'", 'https://www.google.com/recaptcha/', 'https://www.gstatic.com/recaptcha/'],
|
||||||
styleSrc: ["'self'", 'https://fonts.googleapis.com'],
|
styleSrc: ["'self'", "'unsafe-inline'", 'https://fonts.googleapis.com'],
|
||||||
fontSrc: ["'self'", 'https://fonts.gstatic.com'],
|
fontSrc: ["'self'", 'https://fonts.gstatic.com'],
|
||||||
imgSrc: ["'self'", 'data:'],
|
imgSrc: ["'self'", 'data:'],
|
||||||
connectSrc: isDev ? ["'self'", 'ws://localhost:*'] : ["'self'"],
|
connectSrc: isDev ? ["'self'", 'ws://localhost:*'] : ["'self'"],
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue