[SM-247] Fix csp rules not working for local dev (#3588)

2025-12-12 06:13:38 +00:00 · 2022-09-29 15:24:04 +02:00
parent c7f85504c5
commit 5915ef7ed9
1 changed files with 61 additions and 62 deletions
--- a/apps/web/webpack.config.js
+++ b/apps/web/webpack.config.js
@@ -218,25 +218,23 @@ const devServer =
        },
        headers: (req) => {
          if (!req.originalUrl.includes("connector.html")) {
-            return [
+            return {
-              {
+              "Content-Security-Policy": `
-                key: "Content-Security-Policy",
+                default-src 'self'
-                value: `
+                ;script-src
                  default-src 'self';
                  script-src
                  'self'
                  'sha256-ryoU+5+IUZTuUyTElqkrQGBJXr1brEv6r2CA62WUw8w='
                  https://js.stripe.com
                  https://js.braintreegateway.com
-                    https://www.paypalobjects.com;
+                  https://www.paypalobjects.com
-                  style-src
+                ;style-src
                  'self'
                  https://assets.braintreegateway.com
                  https://*.paypal.com
                  'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
-                    'sha256-JVRXyYPueLWdwGwY9m/7u4QlZ1xeQdqUj2t8OVIzZE4=';
+                  'sha256-JVRXyYPueLWdwGwY9m/7u4QlZ1xeQdqUj2t8OVIzZE4='
                  'sha256-or0p3LaHetJ4FRq+flVORVFFNsOjQGWrDvX8Jf7ACWg='
-                  img-src
+                ;img-src
                  'self'
                  data:
                  https://icons.bitwarden.net
@@ -244,20 +242,20 @@ const devServer =
                  https://www.paypalobjects.com
                  https://q.stripe.com
                  https://haveibeenpwned.com
-                      https://www.gravatar.com;
+                  https://www.gravatar.com
-                  child-src
+                ;child-src
                  'self'
                  https://js.stripe.com
                  https://assets.braintreegateway.com
                  https://*.paypal.com
-                    https://*.duosecurity.com;
+                  https://*.duosecurity.com
-                  frame-src
+                ;frame-src
                  'self'
                  https://js.stripe.com
                  https://assets.braintreegateway.com
                  https://*.paypal.com
-                    https://*.duosecurity.com;
+                  https://*.duosecurity.com
-                  connect-src
+                ;connect-src
                  'self'
                  wss://notifications.bitwarden.com
                  https://notifications.bitwarden.com
@@ -274,12 +272,13 @@ const devServer =
                  https://quack.duckduckgo.com/api/email/addresses
                  https://app.anonaddy.com/api/v1/aliases
                  https://api.fastmail.com
-                    https://quack.duckduckgo.com/api/email/addresses;
+                ;object-src
                  object-src
                  'self'
-                    blob:;`,
+                  blob:
-              },
+                ;`
-            ];
+                .replace(/\n/g, " ")
                .replace(/ +(?= )/g, ""),
            };
          }
        },
        hot: false,