aboutsummaryrefslogtreecommitdiffhomepage
path: root/client/src
diff options
context:
space:
mode:
authorRigel Kent <par@rigelk.eu>2018-12-13 09:49:45 +0100
committerChocobozzz <me@florianbigard.com>2018-12-13 09:49:45 +0100
commit5e755fff9d70a7fd3c4f85bb524f1b774dd85b25 (patch)
tree699a0724de91f4151ec7d67b700f5b7736a78e45 /client/src
parent9ecac97be024cf2277872986950d7eec85cbc76e (diff)
downloadPeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.tar.gz
PeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.tar.zst
PeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.zip
add Content Security Policy (#1252)
* add Content Security Policy * remove reflect-metadata on production builds to get rid of unsafe-eval * fix baseCSP usage * add SRI to CSP * add blob: to media-src * remove SRI * CSP set to reportOnly * adding data: to connect-src CSP * remove block-all-mixed-content * add report-uri support
Diffstat (limited to 'client/src')
-rw-r--r--client/src/environments/environment.ts7
-rw-r--r--client/src/polyfills.ts8
2 files changed, 14 insertions, 1 deletions
diff --git a/client/src/environments/environment.ts b/client/src/environments/environment.ts
index 5bb6f4b34..1ea483554 100644
--- a/client/src/environments/environment.ts
+++ b/client/src/environments/environment.ts
@@ -2,6 +2,13 @@
2// `ng build --env=prod` then `environment.prod.ts` will be used instead. 2// `ng build --env=prod` then `environment.prod.ts` will be used instead.
3// The list of which env maps to which file can be found in `.angular-cli.json`. 3// The list of which env maps to which file can be found in `.angular-cli.json`.
4 4
5// Reflect.metadata polyfill is only needed in the JIT/dev mode.
6//
7// In order to load these polyfills early enough (before app code), polyfill.ts imports this file to
8// to change the order in the final bundle.
9import 'core-js/es6/reflect'
10import 'core-js/es7/reflect'
11
5export const environment = { 12export const environment = {
6 production: false, 13 production: false,
7 hmr: false, 14 hmr: false,
diff --git a/client/src/polyfills.ts b/client/src/polyfills.ts
index 5dff18632..368908432 100644
--- a/client/src/polyfills.ts
+++ b/client/src/polyfills.ts
@@ -45,7 +45,13 @@ import 'core-js/es7/object'
45/** IE10 and IE11 requires the following for the Reflect API. */ 45/** IE10 and IE11 requires the following for the Reflect API. */
46 46
47// For Google Bot 47// For Google Bot
48import 'core-js/es6/reflect' 48// import 'core-js/es6/reflect'; // --> dealt with in src/environment.ts
49
50/**
51 * Evergreen browsers require these.
52 */
53// Used for reflect-metadata in JIT. If you use AOT (and only Angular decorators), you can remove.
54// import 'core-js/es7/reflect' // --> dealt with in src/environment.ts
49 55
50/** 56/**
51 * Required to support Web Animations `@angular/platform-browser/animations`. 57 * Required to support Web Animations `@angular/platform-browser/animations`.