Add worker-src

This commit is contained in:
Ry0taK 2023-03-18 02:42:05 +00:00
parent c0d0c9ada2
commit c3659a4ca2

View File

@ -183,6 +183,7 @@ export class ClientServerService {
const csp = this.config.contentSecurityPolicy
?? 'script-src \'self\' ' +
'https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ {scriptNonce}; ' +
'worker-src blob: \'self\'; ' +
'base-uri \'self\'; object-src \'self\'; report-uri /csp-error';
reply.header('Content-Security-Policy-Report-Only', csp.replace('{scriptNonce}', `'nonce-${scriptNonce}'`));
done();