yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Allow stylesheets to load from CDN

Browse Source
This commit is contained in:
Tom Moor
2023-03-27 20:23:54 -04:00
parent e182dafeac
commit 8cc4cff0d7
1 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
server/services/web.ts
View File

@@ -30,6 +30,13 @@ const scriptSrc = [
"cdn.zapier.com",
];
const styleSrc = [
"'self'",
"'unsafe-inline'",
"github.githubassets.com",
"cdn.zapier.com",
];
// Allow to load assets from Vite
if (!isProduction) {
scriptSrc.push("127.0.0.1:3001");
@@ -42,6 +49,7 @@ if (env.GOOGLE_ANALYTICS_ID) {
if (env.CDN_URL) {
scriptSrc.push(env.CDN_URL);
styleSrc.push(env.CDN_URL);
defaultSrc.push(env.CDN_URL);
}
@@ -79,12 +87,7 @@ export default function init(app: Koa = new Koa()): Koa {
directives: {
defaultSrc,
scriptSrc,
styleSrc: [
"'self'",
"'unsafe-inline'",
"github.githubassets.com",
"cdn.zapier.com",
],
styleSrc,
imgSrc: ["*", "data:", "blob:"],
frameSrc: ["*", "data:"],
connectSrc: ["*"], // Do not use connect-src: because self + websockets does not work in