mirror of
https://github.com/hotomoe/hotomoe
synced 2024-12-14 14:48:19 +09:00
Content-Security-Policy-Report-Onlyを使用するように変更
This commit is contained in:
parent
b888c66ca2
commit
ffd4d44ecb
@ -178,8 +178,8 @@ export class ClientServerService {
|
|||||||
const csp = this.config.contentSecurityPolicy
|
const csp = this.config.contentSecurityPolicy
|
||||||
?? 'script-src \'self\' \'unsafe-eval\' ' +
|
?? 'script-src \'self\' \'unsafe-eval\' ' +
|
||||||
'https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/; ' +
|
'https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/; ' +
|
||||||
'base-uri \'self\'; object-src \'self\';';
|
'base-uri \'self\'; object-src \'self\'; report-uri /csp-error';
|
||||||
reply.header('Content-Security-Policy', csp);
|
reply.header('Content-Security-Policy-Report-Only', csp);
|
||||||
done();
|
done();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user