Commit

Allow 'self' for img-src and connect-src
Apparently, there is a bug for Chrome on iOS if connect-src does not allow 'self'.

See known issues at https://caniuse.com/contentsecuritypolicy
ekzyis committed Feb 9, 2024
1 parent e2de56d commit 8a2ff99
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions middleware.js
Expand Up @@ -22,11 +22,11 @@ export function middleware (request) {
const cspHeader = [
"default-src 'none'",
"font-src 'self'",
'img-src https: data:',
"img-src 'self' https: data:",
"script-src 'self' 'unsafe-inline' 'unsafe-eval'",
"style-src 'self' 'unsafe-inline'",
"manifest-src 'self'",
'connect-src https: wss:',
"connect-src 'self' https: wss:",
'upgrade-insecure-requests'
].join('; ')
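
Review bot: The two new lines, "img-src 'self' https: data:" and "connect-src 'self' https: wss:", carry no comment explaining why 'self' sits next to https:. On an HTTPS origin the https: scheme source already matches same-origin requests, so a later cleanup could drop 'self' as redundant and bring the Chrome on iOS problem back. Add a short comment above these directives that names the Chrome on iOS issue and links https://caniuse.com/contentsecuritypolicy, as the commit message does. Separately, now that 'self' covers the application's own origin in connect-src, it is worth checking whether the blanket https: and wss: scheme sources are still required there, since they permit connections to any host.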
