Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2026-01-23 20:06:43 +01:00
Code Issues Projects Releases Wiki Activity

fix: add cdn.getunleash.io to media-src (#11168)

Browse Source 
Add self and cdn as allowed sources for mediaSrc in our CSP.
This commit is contained in:
Fredrik Strand Oseberg 2025-12-18 09:35:12 +01:00 committed by GitHub
parent 97d393059f
commit bc4b6cdf1f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/lib/middleware/secure-headers.ts
View File

@ -64,6 +64,8 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
...config.additionalCspAllowedDomains.connectSrc,
],
mediaSrc: [
"'self'",
'cdn.getunleash.io',
'*.youtube.com',
'*.youtube-nocookie.com',
...config.additionalCspAllowedDomains.mediaSrc,