From 3e7579b8bbe95b5cd8d276719f98415fa5820c25 Mon Sep 17 00:00:00 2001
From: Dessalines <dessalines@users.noreply.github.com>
Date: Wed, 1 Jun 2022 12:43:54 -0400
Subject: [PATCH] Fixing CSP for iOS devices. Fixes #669 (#678)

---
 src/server/index.tsx | 21 ++++++++++-----------
 src/shared/env.ts    |  2 +-
 2 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/src/server/index.tsx b/src/server/index.tsx
index b276186..65f7308 100644
--- a/src/server/index.tsx
+++ b/src/server/index.tsx
@@ -11,7 +11,7 @@ import process from "process";
 import serialize from "serialize-javascript";
 import { App } from "../shared/components/app/app";
 import { SYMBOLS } from "../shared/components/common/symbols";
-import { httpBaseInternal } from "../shared/env";
+import { httpBaseInternal, wsUriBase } from "../shared/env";
 import {
   ILemmyConfig,
   InitialFetchRequest,
@@ -27,16 +27,15 @@ const [hostname, port] = process.env["LEMMY_UI_HOST"]
 const extraThemesFolder =
   process.env["LEMMY_UI_EXTRA_THEMES_FOLDER"] || "./extra_themes";
 
-// Commenting out for now, since this broke iOS / webkit browsers.
-// if (!process.env["LEMMY_UI_DEBUG"]) {
-//   server.use(function (_req, res, next) {
-//     res.setHeader(
-//       "Content-Security-Policy",
-//       `default-src 'none'; connect-src 'self' ${wsUriBase}; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'`
-//     );
-//     next();
-//   });
-// }
+if (!process.env["LEMMY_UI_DEBUG"]) {
+  server.use(function (_req, res, next) {
+    res.setHeader(
+      "Content-Security-Policy",
+      `default-src 'none'; connect-src 'self' ${wsUriBase}; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'`
+    );
+    next();
+  });
+}
 const customHtmlHeader = process.env["LEMMY_UI_CUSTOM_HTML_HEADER"] || "";
 
 server.use(express.json());
diff --git a/src/shared/env.ts b/src/shared/env.ts
index 238cd5d..2088bd6 100644
--- a/src/shared/env.ts
+++ b/src/shared/env.ts
@@ -29,7 +29,7 @@ if (isBrowser()) {
   // server-side
   externalHost = process.env.LEMMY_EXTERNAL_HOST || testHost;
   host = internalHost;
-  wsHost = process.env.LEMMY_WS_HOST || host;
+  wsHost = process.env.LEMMY_WS_HOST || externalHost;
   secure = process.env.LEMMY_HTTPS == "true" ? "s" : "";
 }
 
-- 
2.44.1