ditch csp reporting
parent
7348b81c88
commit
fb49bf223c
|
@ -7,8 +7,6 @@ import lila.api.Context
|
|||
import lila.app.ui.ScalatagsTemplate._
|
||||
import lila.common.{ AssetVersion, ContentSecurityPolicy, Nonce }
|
||||
|
||||
import scala.util.Random
|
||||
|
||||
trait AssetHelper { self: I18nHelper with SecurityHelper =>
|
||||
|
||||
def isProd: Boolean
|
||||
|
@ -135,8 +133,7 @@ trait AssetHelper { self: I18nHelper with SecurityHelper =>
|
|||
workerSrc = List("'self'", assets),
|
||||
imgSrc = List("data:", "*"),
|
||||
scriptSrc = List("'self'", assets),
|
||||
baseUri = List("'none'"),
|
||||
reportTo = if (Random.nextInt(1000) == 0) List("default") else Nil
|
||||
baseUri = List("'none'")
|
||||
)
|
||||
}
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ object bits {
|
|||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src https://fonts.googleapis.com 'unsafe-inline'; font-src https://fonts.gstatic.com; script-src 'unsafe-eval' https://cdn.jsdelivr.net blob:; child-src blob:; connect-src https://raw.githubusercontent.com; img-src data: https://lichess.org https://lichess1.org; report-to default;">
|
||||
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src https://fonts.googleapis.com 'unsafe-inline'; font-src https://fonts.gstatic.com; script-src 'unsafe-eval' https://cdn.jsdelivr.net blob:; child-src blob:; connect-src https://raw.githubusercontent.com; img-src data: https://lichess.org https://lichess1.org;">
|
||||
<title>Lichess.org API reference</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<link href="https://fonts.googleapis.com/css?family=Montserrat:300,400,700|Roboto:300,400,700" rel="stylesheet">
|
||||
|
|
|
@ -9,8 +9,7 @@ case class ContentSecurityPolicy(
|
|||
workerSrc: List[String],
|
||||
imgSrc: List[String],
|
||||
scriptSrc: List[String],
|
||||
baseUri: List[String],
|
||||
reportTo: List[String]
|
||||
baseUri: List[String]
|
||||
) {
|
||||
|
||||
def withNonce(nonce: Nonce) = copy(scriptSrc = nonce.scriptSrc :: scriptSrc)
|
||||
|
@ -81,7 +80,6 @@ case class ContentSecurityPolicy(
|
|||
"img-src " -> imgSrc,
|
||||
"script-src " -> scriptSrc,
|
||||
"base-uri " -> baseUri,
|
||||
"report-to " -> reportTo
|
||||
) collect {
|
||||
case (directive, sources) if sources.nonEmpty =>
|
||||
sources.mkString(directive, " ", ";")
|
||||
|
|
Loading…
Reference in New Issue