moon
/
ditto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

csp: use template literals to avoid escaping single quotes

This commit is contained in:
Alex Gleason 2023-09-11 04:07:54 -05:00
parent 4310bb7157
commit 9cda8e3000
No known key found for this signature in database
GPG Key ID: 7211D1F99744FBB7
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/middleware/csp.ts
View File

@ -8,17 +8,17 @@ const csp = (): AppMiddleware => {
const policies = [
'upgrade-insecure-requests',
'script-src \'self\'',
`script-src 'self'`,
`connect-src 'self' blob: ${Conf.localDomain} ${wsProtocol}//${host}`,
`media-src 'self' ${Conf.mediaDomain}`,
`img-src 'self' data: blob: ${Conf.mediaDomain}`,
'default-src \'none\'',
'base-uri \'self\'',
'frame-ancestors \'none\'',
'style-src \'self\' \'unsafe-inline\'',
'font-src \'self\'',
'manifest-src \'self\'',
'frame-src \'self\' https:',
`default-src 'none'`,
`base-uri 'self'`,
`frame-ancestors 'none'`,
`style-src 'self' 'unsafe-inline'`,
`font-src 'self'`,
`manifest-src 'self'`,
`frame-src 'self' https:`,
];
c.res.headers.set('content-security-policy', policies.join('; '));