Fixing CSP for local dev

author Dessalines <tyhou13@gmx.com>

Wed, 25 Nov 2020 20:06:38 +0000 (15:06 -0500)

committer Dessalines <tyhou13@gmx.com>

Wed, 25 Nov 2020 20:06:38 +0000 (15:06 -0500)
author Dessalines <tyhou13@gmx.com>
Wed, 25 Nov 2020 20:06:38 +0000 (15:06 -0500)
committer Dessalines <tyhou13@gmx.com>
Wed, 25 Nov 2020 20:06:38 +0000 (15:06 -0500)
diff --git a/src/server/index.tsx b/src/server/index.tsx

index 35d02c16515636959d4ed1699b60ea10915ef5f0..b2016cf50c1f4dbc0031fa31bc0f32f5dce73e7f 100644 (file)
--- a/src/server/index.tsx
+++ b/src/server/index.tsx
@@ -84,7 +84,15 @@ server.get('/*', async (req, res) => {
      return res.redirect(context.url);
    }
  
+  const cspHtml = (
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="default-src 'none'; connect-src 'self'; frame-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
+    />
+  );
+
    const root = renderToString(wrapper);
+  const cspStr = process.env.LEMMY_EXTERNAL_HOST ? renderToString(cspHtml) : '';
    const helmet = Helmet.renderStatic();
  
    res.send(`
@@ -102,7 +110,7 @@ server.get('/*', async (req, res) => {
             <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  
             <!-- Content Security Policy -->
-           <meta http-equiv="Content-Security-Policy" content="default-src 'none'; connect-src 'self'; frame-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'">
+           ${cspStr}
  
             <!-- Web app manifest -->
             <link rel="manifest" href="/static/assets/manifest.webmanifest">
author	Dessalines <tyhou13@gmx.com>
	Wed, 25 Nov 2020 20:06:38 +0000 (15:06 -0500)
committer	Dessalines <tyhou13@gmx.com>
	Wed, 25 Nov 2020 20:06:38 +0000 (15:06 -0500)