fix: allow script injection from react dev tools in dev and stage envs (#6120)

Apoorv Mishra
2023-11-09 10:40:04 +05:30
committed by GitHub
parent 71c4c88bbe
commit a7dd5c6798
3 changed files with 19 additions and 1 deletions


@@ -104,7 +104,12 @@ export default function init(app: Koa = new Koa(), server?: Server) {
directives: {
defaultSrc,
styleSrc,
scriptSrc: [...scriptSrc, `'nonce-${ctx.state.cspNonce}'`],
scriptSrc: [
...scriptSrc,
env.DEVELOPMENT_UNSAFE_INLINE_CSP
? "'unsafe-inline'"
: `'nonce-${ctx.state.cspNonce}'`,
],
mediaSrc: ["*", "data:", "blob:"],
imgSrc: ["*", "data:", "blob:"],
frameSrc: ["*", "data:"],
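Review bot: The new `scriptSrc` branch drops the per-request nonce and emits `'unsafe-inline'` whenever `env.DEVELOPMENT_UNSAFE_INLINE_CSP` is truthy, and nothing in this hunk ties that flag to a non-production environment. The commit title limits the change to dev and stage, but if the variable is ever set on a production deployment the CSP no longer blocks injected inline scripts. Unless the env definition in one of the other changed files (not visible here) already rejects it, the condition should be combined with the project's own environment check, e.g. `env.DEVELOPMENT_UNSAFE_INLINE_CSP && <not-production check>`, or startup should fail when the flag is set in production. It would also help to add a comment above the ternary such as `// browsers ignore 'unsafe-inline' when a nonce is present, so the nonce is omitted in this mode`, since that is why the two values are mutually exclusive. The enclosing `init` function starts and ends outside this hunk.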