mirror/ditto
mirror/ditto
1
0
Fork 0
mirror of https://gitlab.com/soapbox-pub/ditto.git synced 2025-12-06 11:29:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

csp: use the sentry origin instead of the URL itself

Browse source
This commit is contained in:
Alex Gleason 2024-11-14 20:28:14 -06:00
parent 3d376ba8b3
commit aea31bce5d
No known key found for this signature in database
GPG key ID: 7211D1F99744FBB7
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/middleware/cspMiddleware.ts
View file

@ -22,7 +22,12 @@ export const cspMiddleware = (): AppMiddleware => {
const connectSrc = ["'self'", 'blob:', origin, `${wsProtocol}//${host}`]; const connectSrc = ["'self'", 'blob:', origin, `${wsProtocol}//${host}`];
if (typeof sentryDsn === 'string') { if (typeof sentryDsn === 'string') {
connectSrc.push(sentryDsn); try {
const dsn = new URL(sentryDsn);
connectSrc.push(dsn.origin);
} catch {
// Ignore
}
} }
const policies = [ const policies = [