Fix CSP to allow Google Fonts and Gravatar avatars

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jan Willem Mannaerts 2026-02-28 16:50:02 +01:00
parent 31dfbe3cca
commit 4d8c2a301c


@ -57,10 +57,10 @@ app.use((_req, res, next) => {
res.setHeader('Content-Security-Policy', [ res.setHeader('Content-Security-Policy', [
"default-src 'self'", "default-src 'self'",
"script-src 'self'", "script-src 'self'",
"style-src 'self' 'unsafe-inline'", "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
`connect-src 'self' wss://${isProd ? new URL(frontendUrl).host : '*'}`, `connect-src 'self' wss://${isProd ? new URL(frontendUrl).host : '*'}`,
"img-src 'self' https://*.atl-paas.net https://*.atlassian.com https://secure.gravatar.com data:", "img-src 'self' https://*.atl-paas.net https://*.atlassian.com https://secure.gravatar.com https://*.gravatar.com data:",
"font-src 'self'", "font-src 'self' https://fonts.gstatic.com",
"object-src 'none'", "object-src 'none'",
"base-uri 'self'", "base-uri 'self'",
"form-action 'self'", "form-action 'self'",
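Review bot: In the new `img-src` line, `https://*.gravatar.com` already covers `https://secure.gravatar.com`, so the directive now carries a redundant entry alongside a wider wildcard than the fix may need. If avatars are only ever loaded from one or two known Gravatar hosts, list those hosts explicitly instead of the wildcard; otherwise drop the `secure.` entry so the list ends `https://*.atlassian.com https://*.gravatar.com data:`. The new `style-src` and `font-src` origins are not explained in the code, so a comment above the array such as `// fonts.googleapis.com serves the stylesheet, fonts.gstatic.com the font files` would record why they are allowed and make them easy to remove if the fonts are later self-hosted. The `setHeader` array and the enclosing middleware start or end outside this hunk, so the remaining directives were not reviewed.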