Commit

Commenting out csp headers, since it broke iOS devices. Fixes #669 (#675)
dessalines committed May 30, 2022
1 parent 3c42aad commit e467b22
Showing 1 changed file with 11 additions and 10 deletions.
21 changes: 11 additions & 10 deletions src/server/index.tsx
Expand Up @@ -11,7 +11,7 @@ import process from "process";
import serialize from "serialize-javascript";
import { App } from "../shared/components/app/app";
import { SYMBOLS } from "../shared/components/common/symbols";
import { httpBaseInternal, wsUriBase } from "../shared/env";
import { httpBaseInternal } from "../shared/env";
import {
ILemmyConfig,
InitialFetchRequest,
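Review bot: dropping `wsUriBase` from the `../shared/env` import leaves the commented-out CSP block further down referencing a name that is no longer in scope, so uncommenting that block later will not compile until this import is restored. Either delete the block outright and track re-enabling it in an issue, or say in the comment next to the block that the import has to come back with it.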
Expand All @@ -27,15 +27,16 @@ const [hostname, port] = process.env["LEMMY_UI_HOST"]
const extraThemesFolder =
process.env["LEMMY_UI_EXTRA_THEMES_FOLDER"] || "./extra_themes";

if (!process.env["LEMMY_UI_DEBUG"]) {
server.use(function (_req, res, next) {
res.setHeader(
"Content-Security-Policy",
`default-src 'none'; connect-src 'self' ${wsUriBase}; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'`
);
next();
});
}
// Commenting out for now, since this broke iOS / webkit browsers.
// if (!process.env["LEMMY_UI_DEBUG"]) {
// server.use(function (_req, res, next) {
// res.setHeader(
// "Content-Security-Policy",
// `default-src 'none'; connect-src 'self' ${wsUriBase}; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'`
// );
// next();
// });
// }
const customHtmlHeader = process.env["LEMMY_UI_CUSTOM_HTML_HEADER"] || "";

server.use(express.json());
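Review bot: commenting out the whole `server.use` block removes the Content-Security-Policy header for every client, not only iOS / WebKit, and with it directives the new comment does not implicate, such as `form-action 'self'` and `base-uri 'self'`. The comment says the header "broke iOS / webkit browsers" but not which directive failed; the only value in the policy that varies per deployment is `${wsUriBase}` in `connect-src`, so it is worth confirming whether that is the cause and relaxing only that directive. If the cause is not yet known, sending the same policy as `Content-Security-Policy-Report-Only` would keep visibility into violations without blocking anything. Please also put the issue number (#669) in the code comment so the disabled block is not forgotten.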

2 comments on commit e467b22

@kac- (Contributor) commented on e467b22 Jun 1, 2022

I think it's broken because wsUriBase is pointing to LEMMY_INTERNAL_HOST (by server settings in shared/env.ts) and not LEMMY_EXTERNAL_HOST.

@dessalines (Member, Author)

There's a PR or two for that.
