yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Allow stylesheets to load from CDN

Browse Source
This commit is contained in:
Tom Moor
2023-03-27 20:23:54 -04:00
parent e182dafeac
commit 8cc4cff0d7
1 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
server/services/web.ts
View File

@@ -30,6 +30,13 @@ const scriptSrc = [
"cdn.zapier.com", "cdn.zapier.com",
]; ];
const styleSrc = [
"'self'",
"'unsafe-inline'",
"github.githubassets.com",
"cdn.zapier.com",
];
// Allow to load assets from Vite // Allow to load assets from Vite
if (!isProduction) { if (!isProduction) {
scriptSrc.push("127.0.0.1:3001"); scriptSrc.push("127.0.0.1:3001");
@@ -42,6 +49,7 @@ if (env.GOOGLE_ANALYTICS_ID) {
if (env.CDN_URL) { if (env.CDN_URL) {
scriptSrc.push(env.CDN_URL); scriptSrc.push(env.CDN_URL);
styleSrc.push(env.CDN_URL);
defaultSrc.push(env.CDN_URL); defaultSrc.push(env.CDN_URL);
} }
@@ -79,12 +87,7 @@ export default function init(app: Koa = new Koa()): Koa {
directives: { directives: {
defaultSrc, defaultSrc,
scriptSrc, scriptSrc,
styleSrc: [ styleSrc,
"'self'",
"'unsafe-inline'",
"github.githubassets.com",
"cdn.zapier.com",
],
imgSrc: ["*", "data:", "blob:"], imgSrc: ["*", "data:", "blob:"],
frameSrc: ["*", "data:"], frameSrc: ["*", "data:"],
connectSrc: ["*"], // Do not use connect-src: because self + websockets does not work in connectSrc: ["*"], // Do not use connect-src: because self + websockets does not work in