RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[BUGFIX] Relax CSP for trusted-types (#1036) 

This will need to be revisited to re-introduce trusted-types when we have a clear handle on all the libraries and their implementation to support this.
pull/1033/head^2
Amir Zarrinkafsh 2020-05-21 13:16:37 +10:00 committed by GitHub
parent fcd0b5e46a
commit 7488206195
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
internal/server/index.go
View File

@ -36,7 +36,7 @@ func ServeIndex(publicDir, base string) fasthttp.RequestHandler {
nonce := utils.RandomString(32, alphaNumericRunes) nonce := utils.RandomString(32, alphaNumericRunes)
ctx.SetContentType("text/html; charset=utf-8") ctx.SetContentType("text/html; charset=utf-8")
ctx.Response.Header.Add("Content-Security-Policy", fmt.Sprintf("default-src 'self'; object-src 'none'; require-trusted-types-for 'script'; style-src 'self' 'nonce-%s'", nonce)) ctx.Response.Header.Add("Content-Security-Policy", fmt.Sprintf("default-src 'self'; object-src 'none'; style-src 'self' 'nonce-%s'", nonce))
err := tmpl.Execute(ctx.Response.BodyWriter(), struct{ CSPNonce, Base string }{CSPNonce: nonce, Base: base}) err := tmpl.Execute(ctx.Response.BodyWriter(), struct{ CSPNonce, Base string }{CSPNonce: nonce, Base: base})
if err != nil { if err != nil {