tldraw/apps/dotcom-worker
Mime Čuvalo f19ed94422
csp: add content security policy for dotcom (#3952)
followup to https://github.com/tldraw/tldraw/pull/3907
This introduces, more formally, a CSP policy for dotcom.

### Change Type

<!--  Please select a 'Scope' label ️ -->

- [ ] `sdk` — Changes the tldraw SDK
- [x] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [ ] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [ ] `bugfix` — Bug fix
- [ ] `feature` — New feature
- [x] `improvement` — Improving existing features
- [ ] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know

### Release Notes

- Security: add CSP to dotcom.
2024-06-26 11:11:14 +00:00
..
scripts unbrivate, dot com in (#2475) 2024-01-16 14:38:05 +00:00
src/lib csp: add content security policy for dotcom (#3952) 2024-06-26 11:11:14 +00:00
.gitignore unbrivate, dot com in (#2475) 2024-01-16 14:38:05 +00:00
CHANGELOG.md unbrivate, dot com in (#2475) 2024-01-16 14:38:05 +00:00
package.json Readonly / room creation omnibus (#3192) 2024-04-25 14:10:40 +00:00
README.md unbrivate, dot com in (#2475) 2024-01-16 14:38:05 +00:00
tsconfig.json Readonly / room creation omnibus (#3192) 2024-04-25 14:10:40 +00:00
wrangler.toml fix coarse pointer detection (#3795) 2024-05-21 16:20:27 +00:00

@tldraw/tlsync-worker

Enable database persistence for local dev

The values for env.SUPABASE_KEY and env.SUPABASE_URL are stored in the Cloudflare Workers dashboard for this worker. However we use --local mode for local development, which doesn't read these values from the dashboard.

To workaround this, create a file called .dev.vars under merge-server with the required values (which you can currently find at https://app.supabase.com/project/bfcjbbjqflgfzxhskwct/settings/api). This will be read by wrangler dev --local and used to populate the environment variables.

SUPABASE_URL=<url>
SUPABASE_KEY=<key>