From: Dessalines Date: Wed, 1 Jun 2022 16:43:54 +0000 (-0400) Subject: Fixing CSP for iOS devices. Fixes #669 (#678) X-Git-Url: http://these/git/readmes/%7B%60%24%7BwebArchiveUrl%7D/save/static/%24%7BappleTouchIcon%7D?a=commitdiff_plain;h=3e7579b8bbe95b5cd8d276719f98415fa5820c25;p=lemmy-ui.git Fixing CSP for iOS devices. Fixes #669 (#678) --- diff --git a/src/server/index.tsx b/src/server/index.tsx index b276186..65f7308 100644 --- a/src/server/index.tsx +++ b/src/server/index.tsx @@ -11,7 +11,7 @@ import process from "process"; import serialize from "serialize-javascript"; import { App } from "../shared/components/app/app"; import { SYMBOLS } from "../shared/components/common/symbols"; -import { httpBaseInternal } from "../shared/env"; +import { httpBaseInternal, wsUriBase } from "../shared/env"; import { ILemmyConfig, InitialFetchRequest, @@ -27,16 +27,15 @@ const [hostname, port] = process.env["LEMMY_UI_HOST"] const extraThemesFolder = process.env["LEMMY_UI_EXTRA_THEMES_FOLDER"] || "./extra_themes"; -// Commenting out for now, since this broke iOS / webkit browsers. -// if (!process.env["LEMMY_UI_DEBUG"]) { -// server.use(function (_req, res, next) { -// res.setHeader( -// "Content-Security-Policy", -// `default-src 'none'; connect-src 'self' ${wsUriBase}; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'` -// ); -// next(); -// }); -// } +if (!process.env["LEMMY_UI_DEBUG"]) { + server.use(function (_req, res, next) { + res.setHeader( + "Content-Security-Policy", + `default-src 'none'; connect-src 'self' ${wsUriBase}; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'` + ); + next(); + }); +} const customHtmlHeader = process.env["LEMMY_UI_CUSTOM_HTML_HEADER"] || ""; server.use(express.json()); diff --git a/src/shared/env.ts b/src/shared/env.ts index 238cd5d..2088bd6 100644 --- a/src/shared/env.ts +++ b/src/shared/env.ts @@ -29,7 +29,7 @@ if (isBrowser()) { // server-side externalHost = process.env.LEMMY_EXTERNAL_HOST || testHost; host = internalHost; - wsHost = process.env.LEMMY_WS_HOST || host; + wsHost = process.env.LEMMY_WS_HOST || externalHost; secure = process.env.LEMMY_HTTPS == "true" ? "s" : ""; }