switch to report only for csp (#7116)
sainak authored Jan 29, 2024
1 parent 4e53a3e commit c154e7a
Showing 2 changed files with 10 additions and 11 deletions.
12 changes: 6 additions & 6 deletions netlify.toml
Expand Up @@ -24,12 +24,12 @@ status = 200
cache-control = "max-age=0, no-store"
X-Frame-Options = "DENY"
X-Content-Type-Options = "nosniff"
Content-Security-Policy = '''
Content-Security-Policy-Report-Only = '''
default-src 'self';
script-src 'self' blob: 'nonce-f51b9742' https://plausible.10bedicu.in;
script-src 'self' 'nonce-f51b9742' https://plausible.10bedicu.in;
style-src 'self' 'unsafe-inline';
connect-src *;
img-src 'self' blob: data: https://cdn.coronasafe.network https://egov-s3-facility-10bedicu.s3.amazonaws.com https://egov-s3-patient-data-10bedicu.s3.amazonaws.com;
media-src * blob: data:;
object-src 'self' blob: https://egov-s3-facility-10bedicu.s3.amazonaws.com https://egov-s3-patient-data-10bedicu.s3.amazonaws.com;
connect-src 'self' https://plausible.10bedicu.in;
img-src 'self' https://cdn.coronasafe.network https://egov-s3-facility-10bedicu.s3.amazonaws.com https://egov-s3-patient-data-10bedicu.s3.amazonaws.com;
object-src 'self' https://egov-s3-facility-10bedicu.s3.amazonaws.com https://egov-s3-patient-data-10bedicu.s3.amazonaws.com;
report-uri https://csp-logger.ohc.network/
'''
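Review bot: with the header key renamed to Content-Security-Policy-Report-Only and no Content-Security-Policy entry left in this block, the browser no longer blocks anything on the deployed site; violations are only sent to the report-uri endpoint. Browsers accept both headers on the same response, so consider keeping the previous, looser policy enforced under Content-Security-Policy while the tightened directives are trialled under the Report-Only key. The tightened policy also has no media-src, so media falls back to default-src 'self', and img-src no longer lists blob: or data:, so expect reports from any part of the app that relies on those sources. Separately, 'nonce-f51b9742' is a fixed value in a static config file; a nonce that is the same on every response gives no protection once the policy is enforced again, so plan to replace it with a per-response nonce or with hashes before switching back.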
9 changes: 4 additions & 5 deletions vite.config.ts
Expand Up @@ -100,13 +100,12 @@ export default defineConfig({
},
preview: {
headers: {
"Content-Security-Policy": `default-src 'self';\
"Content-Security-Policy-Report-Only": `default-src 'self';\
script-src 'self' blob: 'nonce-f51b9742' https://plausible.10bedicu.in;\
style-src 'self' 'unsafe-inline';\
connect-src *;\
img-src 'self' blob: data: https://cdn.coronasafe.network ${cdnUrls};\
media-src * blob: data:;\
object-src 'self' blob: ${cdnUrls};`,
connect-src 'self' https://plausible.10bedicu.in;\
img-src 'self' https://cdn.coronasafe.network ${cdnUrls};\
object-src 'self' ${cdnUrls};`,
},
port: 4000,
proxy: {
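Review bot: the script-src line in the preview headers still allows blob:, while the matching line in netlify.toml drops it, so vite preview will stay silent about blob: script loads that the deployed policy reports. Align the two, ideally by building both headers from one shared policy string so they cannot drift again. This header also carries no report-uri, unlike the netlify.toml policy, so violations seen under preview only show up in the browser console; add the same endpoint if preview traffic should be logged, or leave a comment saying the omission is intentional.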