Allow HTTPS post media in the content security policy and cover it with a regression test.

Hop-State: A_06FPCZJEV5F0C6SP72N2X2G
Hop-Proposal: R_06FPCZHS36HMS1FP567XKN0
Hop-Task: T_06FPCYDXSZGDJRD738J0TJ8
Hop-Attempt: AT_06FPCYDXSZG4P47QJD8GHJG
This commit is contained in:
2026-07-15 08:56:21 -07:00
committed by Hop
parent fd807cfdd8
commit a0b4b3ce2a
2 changed files with 10 additions and 1 deletions
+2 -1
View File
@@ -27,7 +27,7 @@ function getBuildCommitCount(): string {
}
}
const contentSecurityPolicy = [
export const contentSecurityPolicy = [
"default-src 'self'",
"base-uri 'self'",
"object-src 'none'",
@@ -36,6 +36,7 @@ const contentSecurityPolicy = [
`script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'${process.env.NODE_ENV === 'development' ? " 'unsafe-eval'" : ''} https://challenges.cloudflare.com`,
"style-src 'self' 'unsafe-inline'",
"img-src 'self' data: blob: https:",
"media-src 'self' blob: https:",
"font-src 'self' data:",
"connect-src 'self' https: wss:",
"frame-src https://challenges.cloudflare.com",