aboutsummaryrefslogtreecommitdiffhomepage
path: root/server
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2018-12-17 09:42:28 +0100
committerChocobozzz <me@florianbigard.com>2018-12-17 09:42:28 +0100
commit8fc58cb580994efe8f5167739568afadfe9850d7 (patch)
tree734c6c13adc679198404a916fbed2e75600cb04a /server
parent9aac44236c84f17b14ce35e358a87389766e2743 (diff)
downloadPeerTube-8fc58cb580994efe8f5167739568afadfe9850d7.tar.gz
PeerTube-8fc58cb580994efe8f5167739568afadfe9850d7.tar.zst
PeerTube-8fc58cb580994efe8f5167739568afadfe9850d7.zip
Fix CSP on dev mode
Diffstat (limited to 'server')
-rw-r--r--server/middlewares/csp.ts11
1 files changed, 5 insertions, 6 deletions
diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts
index a0ed3710b..8b919af0d 100644
--- a/server/middlewares/csp.ts
+++ b/server/middlewares/csp.ts
@@ -8,19 +8,18 @@ const baseDirectives = Object.assign({},
8 mediaSrc: ["'self'", 'https:', 'blob:'], 8 mediaSrc: ["'self'", 'https:', 'blob:'],
9 fontSrc: ["'self'", 'data:'], 9 fontSrc: ["'self'", 'data:'],
10 imgSrc: ["'self'", 'data:'], 10 imgSrc: ["'self'", 'data:'],
11 scriptSrc: ["'self' 'unsafe-inline'"], 11 scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'"],
12 styleSrc: ["'self' 'unsafe-inline'"], 12 styleSrc: ["'self' 'unsafe-inline'"],
13 // objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it 13 objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it
14 formAction: ["'self'"], 14 formAction: ["'self'"],
15 frameAncestors: ["'none'"], 15 frameAncestors: ["'none'"],
16 baseUri: ["'self'"], 16 baseUri: ["'self'"],
17 pluginTypes: ["'none'"],
18 manifestSrc: ["'self'"], 17 manifestSrc: ["'self'"],
19 frameSrc: ["'self'"], // instead of deprecated child-src / self because of test-embed 18 frameSrc: ["'self'"], // instead of deprecated child-src / self because of test-embed
20 workerSrc: ["'self'"], // instead of deprecated child-src 19 workerSrc: ["'self'"] // instead of deprecated child-src
21 upgradeInsecureRequests: true
22 }, 20 },
23 (CONFIG.SERVICES['CSP-LOGGER'] != null) ? { reportUri: CONFIG.SERVICES['CSP-LOGGER'] } : {} 21 CONFIG.SERVICES['CSP-LOGGER'] ? { reportUri: CONFIG.SERVICES['CSP-LOGGER'] } : {},
22 CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: true } : {}
24) 23)
25 24
26const baseCSP = helmet.contentSecurityPolicy({ 25const baseCSP = helmet.contentSecurityPolicy({