mirror of https://github.com/hotomoe/hotomoe synced 2024-12-15 07:08:23 +09:00

Content-Security-Policy-Report-Onlyを使用するように変更

Ry0taK 2023-02-11 12:37:39 +00:00
parent b888c66ca2
commit ffd4d44ecb


@ -178,8 +178,8 @@ export class ClientServerService {
const csp = this.config.contentSecurityPolicy const csp = this.config.contentSecurityPolicy
?? 'script-src \'self\' \'unsafe-eval\' ' + ?? 'script-src \'self\' \'unsafe-eval\' ' +
'https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/; ' + 'https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/; ' +
'base-uri \'self\'; object-src \'self\';'; 'base-uri \'self\'; object-src \'self\'; report-uri /csp-error';
reply.header('Content-Security-Policy', csp); reply.header('Content-Security-Policy-Report-Only', csp);
done(); done();
}); });
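Review bot: Sending the policy only as `Content-Security-Policy-Report-Only` on the `reply.header` line means browsers no longer enforce `script-src`, `base-uri` or `object-src`, and an operator-supplied `this.config.contentSecurityPolicy` silently becomes non-enforcing as well (with no `report-uri` unless the operator wrote one). An enforced policy that carries `report-uri` also sends violation reports, so `reply.header('Content-Security-Policy', csp);` could stay, with the Report-Only header reserved for a stricter candidate policy under trial. If report-only is intended as a temporary rollout step, say so in a comment such as `// TODO: switch back to the enforcing header once /csp-error reports are clean`. A handler for `/csp-error` is not visible in this hunk; it presumably needs to accept unauthenticated browser POSTs, so it should cap body size and rate-limit. The enclosing hook starts outside the hunk.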