From 73685c771abd10bab47a65de691e0c754e44b40f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivar=20Conradi=20=C3=98sthus?=
Date: Thu, 6 Jan 2022 21:08:16 +0100
Subject: [PATCH] fix: allow static assets from cdn.getunleash.io
---
 src/lib/middleware/secure-headers.ts | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/lib/middleware/secure-headers.ts b/src/lib/middleware/secure-headers.ts
index 096e2fb16a..cd5102378b 100644
--- a/src/lib/middleware/secure-headers.ts
+++ b/src/lib/middleware/secure-headers.ts
@@ -13,21 +13,28 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
 },
 contentSecurityPolicy: {
 directives: {
- defaultSrc: ["'self'"],
+ defaultSrc: ["'self'", 'cdn.getunleash.io'],
 fontSrc: [
 "'self'",
+ 'cdn.getunleash.io',
 'fonts.googleapis.com',
 'fonts.gstatic.com',
 ],
 styleSrc: [
 "'self'",
 "'unsafe-inline'",
+ 'cdn.getunleash.io',
 'fonts.googleapis.com',
 'fonts.gstatic.com',
 'data:',
 ],
- scriptSrc: ["'self'"],
- imgSrc: ["'self'", 'data:', 'gravatar.com'],
+ scriptSrc: ["'self'", 'cdn.getunleash.io'],
+ imgSrc: [
+ "'self'",
+ 'data:',
+ 'cdn.getunleash.io',
+ 'gravatar.com',
+ ],
 },
 },
 });
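Review bot: Adding `'cdn.getunleash.io'` to `defaultSrc` widens every fetch directive the policy does not list explicitly (connect-src, frame-src, object-src, worker-src and so on), which is more than the "static assets" in the commit subject need. fontSrc, styleSrc, scriptSrc and imgSrc each get the host on their own, so `defaultSrc: ["'self'"],` could stay as it was. The host is also written without a scheme, so on a deployment served over plain HTTP the policy would accept CDN scripts fetched over HTTP too; `scriptSrc: ["'self'", 'https://cdn.getunleash.io'],` (and the same prefix in the other directives) pins it to TLS. Because scripts from the CDN now execute in the admin UI's origin, a short comment above `directives` naming which assets are expected from that host, and whether the referencing tags carry Subresource Integrity, would help the next reviewer. The body of secureHeaders starts and ends outside the hunk, so whether the host could instead come from `config` cannot be judged from here.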