csp: child-src is deprecated
parent
b248fa7ce9
commit
9851210b90
|
@ -99,7 +99,8 @@ trait AssetHelper { self: I18nHelper =>
|
|||
connectSrc = List("'self'", assets, socket, socket + ":*", lila.api.Env.current.ExplorerEndpoint, lila.api.Env.current.TablebaseEndpoint),
|
||||
styleSrc = List("'self'", "'unsafe-inline'", assets, "https://fonts.googleapis.com"),
|
||||
fontSrc = List("'self'", assetDomain, "https://fonts.gstatic.com"),
|
||||
childSrc = List("'self'", assets, "https://www.youtube.com"),
|
||||
frameSrc = List("'self'", assets, "https://www.youtube.com"),
|
||||
workerSrc = List("'self'", assets),
|
||||
imgSrc = List("data:", "*"),
|
||||
scriptSrc = List("'self'", assets, "https://cdnjs.cloudflare.com")
|
||||
)
|
||||
|
|
|
@ -5,7 +5,8 @@ case class ContentSecurityPolicy(
|
|||
connectSrc: List[String],
|
||||
styleSrc: List[String],
|
||||
fontSrc: List[String],
|
||||
childSrc: List[String],
|
||||
frameSrc: List[String],
|
||||
workerSrc: List[String],
|
||||
imgSrc: List[String],
|
||||
scriptSrc: List[String]
|
||||
) {
|
||||
|
@ -17,7 +18,7 @@ case class ContentSecurityPolicy(
|
|||
def withStripe = copy(
|
||||
connectSrc = "https://*.stripe.com" :: connectSrc,
|
||||
scriptSrc = "https://*.stripe.com" :: scriptSrc,
|
||||
childSrc = "https://*.stripe.com" :: childSrc
|
||||
frameSrc = "https://*.stripe.com" :: frameSrc
|
||||
)
|
||||
|
||||
def withSpreadshirt = copy(
|
||||
|
@ -25,7 +26,8 @@ case class ContentSecurityPolicy(
|
|||
connectSrc = "https://shop.spreadshirt.com" :: "https://api.spreadshirt.com" :: connectSrc,
|
||||
styleSrc = Nil,
|
||||
fontSrc = Nil,
|
||||
childSrc = Nil,
|
||||
frameSrc = Nil,
|
||||
workerSrc = Nil,
|
||||
imgSrc = Nil,
|
||||
scriptSrc = Nil
|
||||
)
|
||||
|
@ -35,19 +37,20 @@ case class ContentSecurityPolicy(
|
|||
connectSrc = "https://www.twitch.tv" :: "https://www-cdn.jtvnw.net" :: connectSrc,
|
||||
styleSrc = Nil,
|
||||
fontSrc = Nil,
|
||||
childSrc = Nil,
|
||||
frameSrc = Nil,
|
||||
workerSrc = Nil,
|
||||
imgSrc = Nil,
|
||||
scriptSrc = Nil
|
||||
)
|
||||
|
||||
def withTwitter = copy(
|
||||
scriptSrc = "https://platform.twitter.com" :: "https://*.twimg.com" :: scriptSrc,
|
||||
childSrc = "https://platform.twitter.com" :: childSrc,
|
||||
frameSrc = "https://platform.twitter.com" :: frameSrc,
|
||||
styleSrc = "https://platform.twitter.com" :: styleSrc
|
||||
)
|
||||
|
||||
def withGoogleForm = copy(
|
||||
childSrc = "https://docs.google.com" :: childSrc
|
||||
frameSrc = "https://docs.google.com" :: frameSrc
|
||||
)
|
||||
|
||||
override def toString: String =
|
||||
|
@ -56,7 +59,8 @@ case class ContentSecurityPolicy(
|
|||
"connect-src " -> connectSrc,
|
||||
"style-src " -> styleSrc,
|
||||
"font-src " -> fontSrc,
|
||||
"child-src " -> childSrc,
|
||||
"frame-src " -> frameSrc,
|
||||
"worker-src " -> workerSrc,
|
||||
"img-src " -> imgSrc,
|
||||
"script-src " -> scriptSrc
|
||||
) collect {
|
||||
|
|
Loading…
Reference in New Issue