From: Dessalines Date: Fri, 8 Apr 2022 13:52:16 +0000 (+0000) Subject: Revert "Set content security policy http header for all responses (#608)" (#613) X-Git-Url: http://these/git/%7B%60%24%7BwebArchiveUrl%7D/%22%7B%7D/%7BpictshareAvatarThumbnail%28admin.avatar%29%7D?a=commitdiff_plain;h=7d8843902a16d31f77c962ce334a9687f073ce1b;p=lemmy-ui.git Revert "Set content security policy http header for all responses (#608)" (#613) This reverts commit f1c5c60c76e2ac4c3b4d812f86c15c5bac847816. --- diff --git a/src/server/index.tsx b/src/server/index.tsx index 1bf3759..7b83760 100644 --- a/src/server/index.tsx +++ b/src/server/index.tsx @@ -27,13 +27,6 @@ const [hostname, port] = process.env["LEMMY_UI_HOST"] const extraThemesFolder = process.env["LEMMY_UI_EXTRA_THEMES_FOLDER"] || "./extra_themes"; -server.use(function (_req, res, next) { - res.setHeader( - "Content-Security-Policy", - "default-src data: 'self'; connect-src * ws: wss:; frame-src *; img-src * data:; script-src 'self'; style-src 'self' 'unsafe-inline'; manifest-src 'self'" - ); - next(); -}); server.use(express.json()); server.use(express.urlencoded({ extended: false })); server.use("/static", express.static(path.resolve("./dist"))); @@ -171,8 +164,18 @@ server.get("/*", async (req, res) => { return res.redirect(context.url); } + const cspHtml = ( + + ); + const root = renderToString(wrapper); const symbols = renderToString(SYMBOLS); + const cspStr = process.env.LEMMY_EXTERNAL_HOST + ? renderToString(cspHtml) + : ""; const helmet = Helmet.renderStatic(); const config: ILemmyConfig = { wsHost: process.env.LEMMY_WS_HOST }; @@ -197,6 +200,9 @@ server.get("/*", async (req, res) => { + + ${cspStr} +