diff --git a/next.config.ts b/next.config.ts index 2911ac0..63c997b 100644 --- a/next.config.ts +++ b/next.config.ts @@ -27,7 +27,7 @@ function getBuildCommitCount(): string { } } -const contentSecurityPolicy = [ +export const contentSecurityPolicy = [ "default-src 'self'", "base-uri 'self'", "object-src 'none'", @@ -36,6 +36,7 @@ const contentSecurityPolicy = [ `script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'${process.env.NODE_ENV === 'development' ? " 'unsafe-eval'" : ''} https://challenges.cloudflare.com`, "style-src 'self' 'unsafe-inline'", "img-src 'self' data: blob: https:", + "media-src 'self' blob: https:", "font-src 'self' data:", "connect-src 'self' https: wss:", "frame-src https://challenges.cloudflare.com", diff --git a/src/lib/security/content-security-policy.test.ts b/src/lib/security/content-security-policy.test.ts new file mode 100644 index 0000000..5f392f8 --- /dev/null +++ b/src/lib/security/content-security-policy.test.ts @@ -0,0 +1,8 @@ +import { describe, expect, it } from 'vitest'; +import { contentSecurityPolicy } from '../../../next.config'; + +describe('content security policy', () => { + it('allows HTTPS media served by connected storage providers', () => { + expect(contentSecurityPolicy).toContain("media-src 'self' blob: https:"); + }); +});