topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Reformat CSP header for readability

pull/2773/head
Jeremy Lin 3 years ago
committed by Daniel García
parent
1e32db8c41
commit
4283a49e0b
No known key found for this signature in database GPG Key ID: FC8A7D14C3CD543A
1 changed files with 20 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 22
      src/util.rs

22
src/util.rs
View File

@ -63,14 +63,28 @@ impl Fairing for AppHeaders {
// app.simplelogin.io, app.anonaddy.com, api.fastmail.com // app.simplelogin.io, app.anonaddy.com, api.fastmail.com
let csp = format!( let csp = format!(
"default-src 'self'; \ "default-src 'self'; \
object-src 'self' blob:; \
script-src 'self'{script_src}; \ script-src 'self'{script_src}; \
style-src 'self' 'unsafe-inline'; \ style-src 'self' 'unsafe-inline'; \
img-src 'self' data: https://haveibeenpwned.com/ https://www.gravatar.com {icon_service_csp}; \
child-src 'self' https://*.duosecurity.com https://*.duofederal.com; \ child-src 'self' https://*.duosecurity.com https://*.duofederal.com; \
frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; \ frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; \
connect-src 'self' https://api.pwnedpasswords.com/range/ https://2fa.directory/api/ https://app.simplelogin.io/api/ https://app.anonaddy.com/api/ https://api.fastmail.com/; \ frame-ancestors 'self' \
object-src 'self' blob:; \ chrome-extension://nngceckbapebfimnlniiiahkandclblb \
frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* {allowed_iframe_ancestors};", chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh \
moz-extension://* \
{allowed_iframe_ancestors}; \
img-src 'self' data: \
https://haveibeenpwned.com/ \
https://www.gravatar.com \
{icon_service_csp}; \
connect-src 'self' \
https://api.pwnedpasswords.com/range/ \
https://2fa.directory/api/ \
https://app.simplelogin.io/api/ \
https://app.anonaddy.com/api/ \
https://api.fastmail.com/ \
;\
",
icon_service_csp = CONFIG._icon_service_csp(), icon_service_csp = CONFIG._icon_service_csp(),
allowed_iframe_ancestors = CONFIG.allowed_iframe_ancestors() allowed_iframe_ancestors = CONFIG.allowed_iframe_ancestors()
); );

Write Preview
Loading…
Cancel
Save