Skip to content

Commit d9e052b

Browse files
oliviertassinarioliviertassinari
committed
[docs-infra] Strengthen CSP
1 parent c8e05a9 commit d9e052b

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

docs/public/_headers

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,3 +16,6 @@
1616
X-Content-Type-Options: nosniff
1717
X-XSS-Protection: 1; mode=block
1818
Referrer-Policy: strict-origin-when-cross-origin
19+
# TODO: progressively reduce the CSP scopes
20+
# Start with a wildcard, using https://github.com/oliviertassinari/mui-toolpad/blob/f4c4eb046b352e4fc00729c3bed605e671b040c4/packages/toolpad-studio/src/server/index.ts#L241
21+
Content-Security-Policy: default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors *;

0 commit comments

Comments
 (0)