Updated CSP generation.

Mike Cao 2025-10-01 10:32:38 -07:00
parent 8e05921227
commit 98bdc82239


@ -14,14 +14,14 @@ const frameAncestors = process.env.ALLOWED_FRAME_URLS || '';
const trackerScriptName = process.env.TRACKER_SCRIPT_NAME || '';
const trackerScriptURL = process.env.TRACKER_SCRIPT_URL || '';
const contentSecurityPolicy = [
`default-src 'self'`,
`img-src * data:`,
`script-src 'self' 'unsafe-eval' 'unsafe-inline'`,
`style-src 'self' 'unsafe-inline'`,
`connect-src 'self' api.umami.is cloud.umami.is`,
`frame-ancestors 'self' ${frameAncestors}`,
];
const contentSecurityPolicy = `
default-src 'self';
img-src 'self' https: data:;
script-src 'self' 'unsafe-eval' 'unsafe-inline';
style-src 'self' 'unsafe-inline';
connect-src 'self' api.umami.is cloud.umami.is;
frame-ancestors 'self' ${frameAncestors};
`;
const defaultHeaders = [
{
@ -30,10 +30,7 @@ const defaultHeaders = [
},
{
key: 'Content-Security-Policy',
value: contentSecurityPolicy
.join(';')
.replace(/\s{2,}/g, ' ')
.trim(),
value: contentSecurityPolicy.replace(/\s{2,}/g, ' ').trim(),
},
];
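Review bot: The `.replace(/\s{2,}/g, ' ')` on the new `value:` line only collapses runs of two or more whitespace characters, so with the policy now a multi-line template literal the header stays on one line only while every directive line is indented (the indentation is not visible on this page). A directive line starting at column 0, or a single newline inside `ALLOWED_FRAME_URLS`, would leave a raw line break in the `Content-Security-Policy` value; `value: contentSecurityPolicy.replace(/\s+/g, ' ').trim(),` removes that dependency. Separately, `${frameAncestors}` is interpolated into `frame-ancestors` as-is, so a `;` in the environment value would append further directives to the policy; a comment such as `// ALLOWED_FRAME_URLS: space-separated origins only, no ';'`, or stripping `;` before interpolation, would make the expectation explicit. The `defaultHeaders` array is only partly visible between the two hunks.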