mirror of https://github.com/bitwarden/browser synced 2025-12-12 06:13:38 +00:00

[SM-247] Fix csp rules not working for local dev (#3588)

Oscar Hinton
2022-09-29 15:24:04 +02:00
committed by GitHub
parent c7f85504c5
commit 5915ef7ed9


@@ -218,68 +218,67 @@ const devServer =
}, },
headers: (req) => { headers: (req) => {
if (!req.originalUrl.includes("connector.html")) { if (!req.originalUrl.includes("connector.html")) {
return [ return {
{ "Content-Security-Policy": `
key: "Content-Security-Policy", default-src 'self'
value: ` ;script-src
default-src 'self'; 'self'
script-src 'sha256-ryoU+5+IUZTuUyTElqkrQGBJXr1brEv6r2CA62WUw8w='
'self' https://js.stripe.com
'sha256-ryoU+5+IUZTuUyTElqkrQGBJXr1brEv6r2CA62WUw8w=' https://js.braintreegateway.com
https://js.stripe.com https://www.paypalobjects.com
https://js.braintreegateway.com ;style-src
https://www.paypalobjects.com; 'self'
style-src https://assets.braintreegateway.com
'self' https://*.paypal.com
https://assets.braintreegateway.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
https://*.paypal.com 'sha256-JVRXyYPueLWdwGwY9m/7u4QlZ1xeQdqUj2t8OVIzZE4='
'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-or0p3LaHetJ4FRq+flVORVFFNsOjQGWrDvX8Jf7ACWg='
'sha256-JVRXyYPueLWdwGwY9m/7u4QlZ1xeQdqUj2t8OVIzZE4='; ;img-src
'sha256-or0p3LaHetJ4FRq+flVORVFFNsOjQGWrDvX8Jf7ACWg=' 'self'
img-src data:
'self' https://icons.bitwarden.net
data: https://*.paypal.com
https://icons.bitwarden.net https://www.paypalobjects.com
https://*.paypal.com https://q.stripe.com
https://www.paypalobjects.com https://haveibeenpwned.com
https://q.stripe.com https://www.gravatar.com
https://haveibeenpwned.com ;child-src
https://www.gravatar.com; 'self'
child-src https://js.stripe.com
'self' https://assets.braintreegateway.com
https://js.stripe.com https://*.paypal.com
https://assets.braintreegateway.com https://*.duosecurity.com
https://*.paypal.com ;frame-src
https://*.duosecurity.com; 'self'
frame-src https://js.stripe.com
'self' https://assets.braintreegateway.com
https://js.stripe.com https://*.paypal.com
https://assets.braintreegateway.com https://*.duosecurity.com
https://*.paypal.com ;connect-src
https://*.duosecurity.com; 'self'
connect-src wss://notifications.bitwarden.com
'self' https://notifications.bitwarden.com
wss://notifications.bitwarden.com https://cdn.bitwarden.net
https://notifications.bitwarden.com https://api.pwnedpasswords.com
https://cdn.bitwarden.net https://2fa.directory/api/v3/totp.json
https://api.pwnedpasswords.com https://api.stripe.com
https://2fa.directory/api/v3/totp.json https://www.paypal.com
https://api.stripe.com https://api.braintreegateway.com
https://www.paypal.com https://client-analytics.braintreegateway.com
https://api.braintreegateway.com https://*.braintree-api.com
https://client-analytics.braintreegateway.com https://*.blob.core.windows.net
https://*.braintree-api.com https://app.simplelogin.io/api/alias/random/new
https://*.blob.core.windows.net https://quack.duckduckgo.com/api/email/addresses
https://app.simplelogin.io/api/alias/random/new https://app.anonaddy.com/api/v1/aliases
https://quack.duckduckgo.com/api/email/addresses https://api.fastmail.com
https://app.anonaddy.com/api/v1/aliases ;object-src
https://api.fastmail.com 'self'
https://quack.duckduckgo.com/api/email/addresses; blob:
object-src ;`
'self' .replace(/\n/g, " ")
blob:;`, .replace(/ +(?= )/g, ""),
}, };
];
} }
}, },
hot: false, hot: false,
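Review bot: The `req.originalUrl.includes("connector.html")` guard at the top of `headers` is a substring test over the whole URL, query string included, so any dev-server request whose URL merely contains that text takes the implicit `undefined` return and is served with no Content-Security-Policy at all. Now that the object form lets the header take effect, matching on the path would confine the exemption to the connector pages, e.g. `if (!req.path.endsWith("connector.html")) {` (assuming `req` is the Express request, as `originalUrl` suggests). The two `.replace()` calls would also benefit from a comment such as `// A header value must be a single line: fold newlines, then collapse runs of spaces.`, because a later edit that drops them would produce an invalid header rather than a visibly wrong policy. The `devServer` object starts before this hunk and continues after it.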