Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-10-27 11:02:16 +01:00
Code Issues Projects Releases Wiki Activity

fix: allow static assets from cdn.getunleash.io

Browse Source
This commit is contained in:
Ivar Conradi Østhus 2022-01-06 21:08:16 +01:00
parent 571dcf5d1c
commit 73685c771a
No known key found for this signature in database
GPG Key ID: 31AC596886B0BD09
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/lib/middleware/secure-headers.ts
View File

@ -13,21 +13,28 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
},
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
defaultSrc: ["'self'", 'cdn.getunleash.io'],
fontSrc: [
"'self'",
'cdn.getunleash.io',
'fonts.googleapis.com',
'fonts.gstatic.com',
],
styleSrc: [
"'self'",
"'unsafe-inline'",
'cdn.getunleash.io',
'fonts.googleapis.com',
'fonts.gstatic.com',
'data:',
],
scriptSrc: ["'self'"],
imgSrc: ["'self'", 'data:', 'gravatar.com'],
scriptSrc: ["'self'", 'cdn.getunleash.io'],
imgSrc: [
"'self'",
'data:',
'cdn.getunleash.io',
'gravatar.com',
],
},
},
});