import serialize from "serialize-javascript";
import { App } from "../shared/components/app/app";
import { SYMBOLS } from "../shared/components/common/symbols";
-import { httpBaseInternal } from "../shared/env";
+import { httpBaseInternal, wsUriBase } from "../shared/env";
import {
ILemmyConfig,
InitialFetchRequest,
const extraThemesFolder =
process.env["LEMMY_UI_EXTRA_THEMES_FOLDER"] || "./extra_themes";
+server.use(function (_req, res, next) {
+ // in debug mode, websocket backend may be on another port, so we need to permit it in csp policy
+ var websocketBackend;
+ if (process.env.NODE_ENV == "development") {
+ websocketBackend = wsUriBase;
+ }
+ res.setHeader(
+ "Content-Security-Policy",
+ `default-src 'none'; connect-src 'self' ${websocketBackend}; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'`
+ );
+ next();
+});
server.use(express.json());
server.use(express.urlencoded({ extended: false }));
server.use("/static", express.static(path.resolve("./dist")));
return res.redirect(context.url);
}
- const cspHtml = (
- <meta
- http-equiv="Content-Security-Policy"
- content="default-src data: 'self'; connect-src * ws: wss:; frame-src *; img-src * data:; script-src 'self'; style-src 'self' 'unsafe-inline'; manifest-src 'self'"
- />
- );
-
const eruda = (
<>
<script src="//cdn.jsdelivr.net/npm/eruda"></script>
</>
);
const erudaStr = process.env["LEMMY_UI_DEBUG"] ? renderToString(eruda) : "";
-
const root = renderToString(wrapper);
const symbols = renderToString(SYMBOLS);
- const cspStr = process.env.LEMMY_EXTERNAL_HOST
- ? renderToString(cspHtml)
- : "";
const helmet = Helmet.renderStatic();
const config: ILemmyConfig = { wsHost: process.env.LEMMY_WS_HOST };
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
- <!-- Content Security Policy -->
- ${cspStr}
-
<!-- Web app manifest -->
<link rel="manifest" href="/static/assets/manifest.webmanifest">
import { isBrowser } from "./utils";
-const testHost = "127.0.0.1:8536";
+const testHost = "0.0.0.0:8536";
let internalHost =
(!isBrowser() && process.env.LEMMY_INTERNAL_HOST) || testHost; // used for local dev
export const httpBaseInternal = `http://${host}`; // Don't use secure here
export const httpBase = `http${secure}://${host}`;
-export const wsUri = `ws${secure}://${wsHost}/api/v3/ws`;
+export const wsUriBase = `ws${secure}://${wsHost}`;
+export const wsUri = `${wsUriBase}/api/v3/ws`;
export const pictrsUri = `${httpBase}/pictrs/image`;
export const isHttps = secure.endsWith("s");
projects / lemmy-ui.git / commitdiff