1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00

fix: allow static assets from cdn.getunleash.io

This commit is contained in:
Ivar Conradi Østhus 2022-01-06 21:08:16 +01:00
parent 571dcf5d1c
commit 73685c771a
No known key found for this signature in database
GPG Key ID: 31AC596886B0BD09

View File

@ -13,21 +13,28 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
}, },
contentSecurityPolicy: { contentSecurityPolicy: {
directives: { directives: {
defaultSrc: ["'self'"], defaultSrc: ["'self'", 'cdn.getunleash.io'],
fontSrc: [ fontSrc: [
"'self'", "'self'",
'cdn.getunleash.io',
'fonts.googleapis.com', 'fonts.googleapis.com',
'fonts.gstatic.com', 'fonts.gstatic.com',
], ],
styleSrc: [ styleSrc: [
"'self'", "'self'",
"'unsafe-inline'", "'unsafe-inline'",
'cdn.getunleash.io',
'fonts.googleapis.com', 'fonts.googleapis.com',
'fonts.gstatic.com', 'fonts.gstatic.com',
'data:', 'data:',
], ],
scriptSrc: ["'self'"], scriptSrc: ["'self'", 'cdn.getunleash.io'],
imgSrc: ["'self'", 'data:', 'gravatar.com'], imgSrc: [
"'self'",
'data:',
'cdn.getunleash.io',
'gravatar.com',
],
}, },
}, },
}); });