github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-31 03:18:09 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

DEV: remove legacy CSP implementation to make strict-dynamic only accepted behaviour (#27486)

Browse Source 
* DEV: remove legacy CSP implementation that allowed for non-strict-dynamic behaviour
This commit is contained in:
Kelv
2024-06-18 16:40:53 +08:00
committed by GitHub
parent b9eb746eea
commit 2393234be5
8 changed files with 9 additions and 382 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
app/assets/javascripts/custom-proxy/index.js
View File

@ -173,21 +173,6 @@ async function handleRequest(proxy, baseURL, req, res, outputPath) {
res.set("location", newLocation);
}
const csp = response.headers.get("content-security-policy");
if (csp && !csp.includes("'strict-dynamic'")) {
const emberCliAdditions = [
`http://${originalHost}${baseURL}assets/`,
`http://${originalHost}${baseURL}ember-cli-live-reload.js`,
`http://${originalHost}${baseURL}_lr/`,
].join(" ");
const newCSP = csp
.replaceAll(proxy, `http://${originalHost}`)
.replaceAll("script-src ", `script-src ${emberCliAdditions} `);
res.set("content-security-policy", newCSP);
}
const contentType = response.headers.get("content-type");
const isHTML = contentType?.startsWith("text/html");