Documenting and changing a few env vars. Fixes #661 (#739)

[lemmy-ui.git] / src / server / index.tsx

diff --git a/src/server/index.tsx b/src/server/index.tsx
index 374fb03111c4b99db750d8610e74655bf32fb7e7..ebaa9477633863e3df5113704215584c9db35a40 100644 (file)
--- a/src/server/index.tsx
+++ b/src/server/index.tsx
@@ -13,7 +13,7 @@ import process from "process";
 import serialize from "serialize-javascript";
 import { App } from "../shared/components/app/app";
 import { SYMBOLS } from "../shared/components/common/symbols";
-import { httpBaseInternal, wsUriBase } from "../shared/env";
+import { httpBaseInternal } from "../shared/env";
 import {
   ILemmyConfig,
   InitialFetchRequest,
@@ -29,11 +29,11 @@ const [hostname, port] = process.env["LEMMY_UI_HOST"]
 const extraThemesFolder =
   process.env["LEMMY_UI_EXTRA_THEMES_FOLDER"] || "./extra_themes";
 
-if (!process.env["LEMMY_UI_DEBUG"]) {
+if (!process.env["LEMMY_UI_DISABLE_CSP"]) {
   server.use(function (_req, res, next) {
     res.setHeader(
       "Content-Security-Policy",
-      `default-src 'none'; connect-src 'self' ${wsUriBase}; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'`
+      `default-src 'none'; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'`
     );
     next();
   });
@@ -189,7 +189,7 @@ server.get("/*", async (req, res) => {
     const symbols = renderToString(SYMBOLS);
     const helmet = Helmet.renderStatic();
 
-    const config: ILemmyConfig = { wsHost: process.env.LEMMY_WS_HOST };
+    const config: ILemmyConfig = { wsHost: process.env.LEMMY_UI_LEMMY_WS_HOST };
 
     res.send(`
            <!DOCTYPE html>