Merge branch 'csp-header' into 'develop'

Add Content-Security-Policy header See merge request pleroma/pleroma-fe!856
author: HJ <30-hj@users.noreply.git.pleroma.social> 2019-07-10 18:44:27 +0000
committer: HJ <30-hj@users.noreply.git.pleroma.social> 2019-07-10 18:44:27 +0000
commit: 0a7c60c30376dfa0bb3058b16f0e59485f5397c6 (patch)
tree: 9b7c1fa67e4fb2a2b9a413eb9f572a75c6f08f59 /build/dev-server.js
parent: cf2dc5b68336b858c5acb701a5a5549d09a2ccc8 (diff)
parent: 34d95454b35712e4c1119f02693f2e2e9cda8cc8 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/build/dev-server.js b/build/dev-server.js
index 48574214..59dd2c4d 100644
--- a/build/dev-server.js
+++ b/build/dev-server.js
@@ -24,6 +24,9 @@ var devMiddleware = require('webpack-dev-middleware')(compiler, {
   stats: {
     colors: true,
     chunks: false
+  },
+  headers: {
+    'content-security-policy': "base-uri 'self'; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-eval';"
   }
 })
author	HJ <30-hj@users.noreply.git.pleroma.social>	2019-07-10 18:44:27 +0000
committer	HJ <30-hj@users.noreply.git.pleroma.social>	2019-07-10 18:44:27 +0000
commit	0a7c60c30376dfa0bb3058b16f0e59485f5397c6 (patch)
tree	9b7c1fa67e4fb2a2b9a413eb9f572a75c6f08f59 /build/dev-server.js
parent	cf2dc5b68336b858c5acb701a5a5549d09a2ccc8 (diff)
parent	34d95454b35712e4c1119f02693f2e2e9cda8cc8 (diff)