PrivateCoffee/element-web
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

Improve Content-Security-Policy (#25210)

Browse source
This commit is contained in:
Michael Telatynski 2023-04-26 14:49:35 +01:00 committed by GitHub
parent 59b6285458
commit afab95288e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/vector/index.html
View file

@ -26,7 +26,7 @@
<meta http-equiv="Content-Security-Policy" content=" <meta http-equiv="Content-Security-Policy" content="
default-src 'none'; default-src 'none';
style-src 'self' 'unsafe-inline' <%= csp_extra_source %>; style-src 'self' 'unsafe-inline' <%= csp_extra_source %>;
script-src 'self' 'unsafe-eval' https://www.recaptcha.net https://www.gstatic.com <%= csp_extra_source %>; script-src 'self' 'wasm-unsafe-eval' https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ <%= csp_extra_source %>;
img-src * blob: data:; img-src * blob: data:;
connect-src *; connect-src *;
font-src 'self' data: <%= csp_extra_source %>; font-src 'self' data: <%= csp_extra_source %>;

4
webpack.config.js
View file

@ -99,8 +99,8 @@ module.exports = (env, argv) => {
const development = {}; const development = {};
if (devMode) { if (devMode) {
// High quality, embedded source maps for dev builds // Embedded source maps for dev builds, can't use eval-source-map due to CSP
development["devtool"] = "eval-source-map"; development["devtool"] = "inline-source-map";
} else { } else {
if (process.env.CI_PACKAGE) { if (process.env.CI_PACKAGE) {
// High quality source maps in separate .map files which include the source. This doesn't bulk up the .js // High quality source maps in separate .map files which include the source. This doesn't bulk up the .js