From 7ebcb0563b617e5c478324e32936a221675ee744 Mon Sep 17 00:00:00 2001
From: Dessalines <tyhou13@gmx.com>
Date: Wed, 25 Nov 2020 15:06:38 -0500
Subject: [PATCH] Fixing CSP for local dev
---
 src/server/index.tsx | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/server/index.tsx b/src/server/index.tsx
index 35d02c1..b2016cf 100644
--- a/src/server/index.tsx
+++ b/src/server/index.tsx
@@ -84,7 +84,15 @@ server.get('/*', async (req, res) => {
 return res.redirect(context.url);
 }
+ const cspHtml = (
+ <meta
+ http-equiv="Content-Security-Policy"
+ content="default-src 'none'; connect-src 'self'; frame-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
+ />
+ );
+
 const root = renderToString(wrapper);
+ const cspStr = process.env.LEMMY_EXTERNAL_HOST ? renderToString(cspHtml) : '';
 const helmet = Helmet.renderStatic();
 res.send(`
@@ -102,7 +110,7 @@ server.get('/*', async (req, res) => {
 <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
 <!-- Content Security Policy -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'none'; connect-src 'self'; frame-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'">
+ ${cspStr}
 <!-- Web app manifest -->
 <link rel="manifest" href="/static/assets/manifest.webmanifest">
--
2.44.1
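Review bot: The new `cspStr` line in the first hunk fails open: the Content-Security-Policy meta tag is emitted only when `LEMMY_EXTERNAL_HOST` is set, so a production deployment that leaves that variable unset or empty serves every page with no policy at all. I would invert the default so the policy is dropped only on an explicit development signal, for example `const cspStr = process.env.NODE_ENV === 'development' ? '' : renderToString(cspHtml);` (assuming the dev setup sets NODE_ENV; otherwise a dedicated opt-out variable), or keep the tag and relax only the directive that breaks local dev. Since the policy is a constant, `cspHtml` and its rendered string could also be built once outside the `server.get('/*', …)` handler, whose body starts and ends outside this hunk. The second hunk only interpolates the result and needs no separate change.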