moon
/
ditto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

csp: use template literals to avoid escaping single quotes

This commit is contained in:
Alex Gleason 2023-09-11 04:07:54 -05:00
parent 4310bb7157
commit 9cda8e3000
No known key found for this signature in database
GPG Key ID: 7211D1F99744FBB7
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/middleware/csp.ts
View File

@ -8,17 +8,17 @@ const csp = (): AppMiddleware => {
const policies = [ const policies = [
'upgrade-insecure-requests', 'upgrade-insecure-requests',
'script-src \'self\'', `script-src 'self'`,
`connect-src 'self' blob: ${Conf.localDomain} ${wsProtocol}//${host}`, `connect-src 'self' blob: ${Conf.localDomain} ${wsProtocol}//${host}`,
`media-src 'self' ${Conf.mediaDomain}`, `media-src 'self' ${Conf.mediaDomain}`,
`img-src 'self' data: blob: ${Conf.mediaDomain}`, `img-src 'self' data: blob: ${Conf.mediaDomain}`,
'default-src \'none\'', `default-src 'none'`,
'base-uri \'self\'', `base-uri 'self'`,
'frame-ancestors \'none\'', `frame-ancestors 'none'`,
'style-src \'self\' \'unsafe-inline\'', `style-src 'self' 'unsafe-inline'`,
'font-src \'self\'', `font-src 'self'`,
'manifest-src \'self\'', `manifest-src 'self'`,
'frame-src \'self\' https:', `frame-src 'self' https:`,
]; ];
c.res.headers.set('content-security-policy', policies.join('; ')); c.res.headers.set('content-security-policy', policies.join('; '));