mirror of https://github.com/pocketbase/pocketbase.git synced 2025-11-23 22:55:37 +02:00

moved the default UI CSP as response header

Gani Georgiev
2024-12-02 13:45:44 +02:00
parent fb2763a697
commit 77ac44a49a
31 changed files with 42 additions and 44 deletions


@@ -83,6 +83,12 @@ func Serve(app core.App, config ServeConfig) error {
if e.Request.PathValue(StaticWildcardParam) != "" {
e.Response.Header().Set("Cache-Control", "max-age=1209600, stale-while-revalidate=86400")
}
// add a default CSP
if e.Response.Header().Get("Content-Security-Policy") == "" {
e.Response.Header().Set("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' http://127.0.0.1:* data: blob:; connect-src 'self' http://127.0.0.1:*; script-src 'self' 'sha256-GRUzBA7PzKYug7pqxv5rJaec5bwDCw1Vo6/IXwvD3Tc='")
}
return e.Next()
}).
Bind(Gzip())
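Review bot: The default policy written to the `Content-Security-Policy` header has no `frame-ancestors`, `base-uri` or `form-action` directive, and none of these falls back to `default-src`, so the UI can still be framed by another origin. Now that the policy is a response header rather than a `<meta>` tag (where `frame-ancestors` is ignored), the string could end with `; frame-ancestors 'self'; base-uri 'self'; form-action 'self'`, assuming the dashboard is not meant to be embedded cross-origin. The `script-src` hash is a literal in Go code and presumably has to match an inline script in the bundled UI; a comment such as `// keep this sha256 in sync with the inline script shipped in the UI bundle` would make that coupling visible, since a mismatch would block the script without a build error. The enclosing `Serve` function starts and ends outside the hunk.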