From 7ebcb0563b617e5c478324e32936a221675ee744 Mon Sep 17 00:00:00 2001
From: Dessalines <tyhou13@gmx.com>
Date: Wed, 25 Nov 2020 15:06:38 -0500
Subject: [PATCH] Fixing CSP for local dev

---
 src/server/index.tsx | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/server/index.tsx b/src/server/index.tsx
index 35d02c1..b2016cf 100644
--- a/src/server/index.tsx
+++ b/src/server/index.tsx
@@ -84,7 +84,15 @@ server.get('/*', async (req, res) => {
     return res.redirect(context.url);
   }
 
+  const cspHtml = (
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="default-src 'none'; connect-src 'self'; frame-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
+    />
+  );
+
   const root = renderToString(wrapper);
+  const cspStr = process.env.LEMMY_EXTERNAL_HOST ? renderToString(cspHtml) : '';
   const helmet = Helmet.renderStatic();
 
   res.send(`
@@ -102,7 +110,7 @@ server.get('/*', async (req, res) => {
            <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
 
            <!-- Content Security Policy -->
-           <meta http-equiv="Content-Security-Policy" content="default-src 'none'; connect-src 'self'; frame-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'">
+           ${cspStr}
 
            <!-- Web app manifest -->
            <link rel="manifest" href="/static/assets/manifest.webmanifest">
-- 
2.44.1