satellite/console: update CSP to include storjapi.io

This change updates our content security policy to include the domain storjapi.io and all of its subdomains. References #6188 Change-Id: I6f3073bc32aa99626c54caf00bf07d2253ccbb8f
storj · Aug 31, 2023 · b671641 · b671641
1 parent c202929
commit b671641
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/satellite/console/consoleweb/server.go b/satellite/console/consoleweb/server.go
@@ -546,7 +546,7 @@ func (server *Server) setAppHeaders(w http.ResponseWriter, r *http.Request) {
 		cspValues := []string{
 			"default-src 'self'",
 			"script-src 'sha256-wAqYV6m2PHGd1WDyFBnZmSoyfCK0jxFAns0vGbdiWUA=' 'self' *.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://hcaptcha.com *.hcaptcha.com",
-			"connect-src 'self' *.tardigradeshare.io *.storjshare.io https://hcaptcha.com *.hcaptcha.com " + server.config.GatewayCredentialsRequestURL,
+			"connect-src 'self' *.tardigradeshare.io *.storjshare.io *.storjapi.io https://hcaptcha.com *.hcaptcha.com " + server.config.GatewayCredentialsRequestURL,
 			"frame-ancestors " + server.config.FrameAncestors,
 			"frame-src 'self' *.stripe.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://hcaptcha.com *.hcaptcha.com",
 			"img-src 'self' data: blob: *.tardigradeshare.io *.storjshare.io *.storjsatelliteshare.io",