Allow HTTPS post media in the content security policy and cover it with a regression test.
Hop-State: A_06FPCZJEV5F0C6SP72N2X2G Hop-Proposal: R_06FPCZHS36HMS1FP567XKN0 Hop-Task: T_06FPCYDXSZGDJRD738J0TJ8 Hop-Attempt: AT_06FPCYDXSZG4P47QJD8GHJG
This commit is contained in:
+2
-1
@@ -27,7 +27,7 @@ function getBuildCommitCount(): string {
|
||||
}
|
||||
}
|
||||
|
||||
const contentSecurityPolicy = [
|
||||
export const contentSecurityPolicy = [
|
||||
"default-src 'self'",
|
||||
"base-uri 'self'",
|
||||
"object-src 'none'",
|
||||
@@ -36,6 +36,7 @@ const contentSecurityPolicy = [
|
||||
`script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'${process.env.NODE_ENV === 'development' ? " 'unsafe-eval'" : ''} https://challenges.cloudflare.com`,
|
||||
"style-src 'self' 'unsafe-inline'",
|
||||
"img-src 'self' data: blob: https:",
|
||||
"media-src 'self' blob: https:",
|
||||
"font-src 'self' data:",
|
||||
"connect-src 'self' https: wss:",
|
||||
"frame-src https://challenges.cloudflare.com",
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
import { describe, expect, it } from 'vitest';
|
||||
import { contentSecurityPolicy } from '../../../next.config';
|
||||
|
||||
describe('content security policy', () => {
|
||||
it('allows HTTPS media served by connected storage providers', () => {
|
||||
expect(contentSecurityPolicy).toContain("media-src 'self' blob: https:");
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user