From c154e7aacaa7373cd67e589c78504a0ae092ed4a Mon Sep 17 00:00:00 2001
From: Aakash Singh
Date: Mon, 29 Jan 2024 19:14:32 +0530
Subject: [PATCH] switch to report only for csp (#7116)

---
 netlify.toml | 12 ++++++------
 vite.config.ts | 9 ++++-----
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/netlify.toml b/netlify.toml
index 59abf59caff..807a31ea553 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -24,12 +24,12 @@ status = 200
 cache-control = "max-age=0, no-store"
 X-Frame-Options = "DENY"
 X-Content-Type-Options = "nosniff"
- Content-Security-Policy = '''
+ Content-Security-Policy-Report-Only = '''
 default-src 'self';
- script-src 'self' blob: 'nonce-f51b9742' https://plausible.10bedicu.in;
+ script-src 'self' 'nonce-f51b9742' https://plausible.10bedicu.in;
 style-src 'self' 'unsafe-inline';
- connect-src *;
- img-src 'self' blob: data: https://cdn.coronasafe.network https://egov-s3-facility-10bedicu.s3.amazonaws.com https://egov-s3-patient-data-10bedicu.s3.amazonaws.com;
- media-src * blob: data:;
- object-src 'self' blob: https://egov-s3-facility-10bedicu.s3.amazonaws.com https://egov-s3-patient-data-10bedicu.s3.amazonaws.com;
+ connect-src 'self' https://plausible.10bedicu.in;
+ img-src 'self' https://cdn.coronasafe.network https://egov-s3-facility-10bedicu.s3.amazonaws.com https://egov-s3-patient-data-10bedicu.s3.amazonaws.com;
+ object-src 'self' https://egov-s3-facility-10bedicu.s3.amazonaws.com https://egov-s3-patient-data-10bedicu.s3.amazonaws.com;
+ report-uri https://csp-logger.ohc.network/
 '''
diff --git a/vite.config.ts b/vite.config.ts
index 1683caa7a7b..65cbfa296d7 100644
--- a/vite.config.ts
+++ b/vite.config.ts
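Review bot: Renaming the header to `Content-Security-Policy-Report-Only` removes the only enforced CSP from production, so the `object-src`, `connect-src` and `script-src` restrictions are now observed but nothing is blocked while the new policy is tuned; browsers honour both headers at once, so keeping the previous `Content-Security-Policy = '''…'''` block (the removed lines) alongside the new report-only block would preserve the existing protection during the rollout. The `'nonce-f51b9742'` value in the new `script-src` line is a fixed literal in a static config, so it behaves as a stable allow-list token rather than a per-response nonce; a `'sha256-…'` hash of the inline script, or a nonce generated per response at the edge, would restore the intent, and the same fixed value is repeated in the vite.config.ts hunk. `report-uri` is deprecated in favour of `report-to` (which needs a companion `Reporting-Endpoints` header) but remains the more widely supported of the two, so keeping it is reasonable and worth a short comment such as `# report-uri kept for browser coverage; migrate to report-to/Reporting-Endpoints later`.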
@@ -100,13 +100,12 @@ export default defineConfig({
 },
 preview: {
 headers: {
- "Content-Security-Policy": `default-src 'self';\
+ "Content-Security-Policy-Report-Only": `default-src 'self';\
 script-src 'self' blob: 'nonce-f51b9742' https://plausible.10bedicu.in;\
 style-src 'self' 'unsafe-inline';\
- connect-src *;\
- img-src 'self' blob: data: https://cdn.coronasafe.network ${cdnUrls};\
- media-src * blob: data:;\
- object-src 'self' blob: ${cdnUrls};`,
+ connect-src 'self' https://plausible.10bedicu.in;\
+ img-src 'self' https://cdn.coronasafe.network ${cdnUrls};\
+ object-src 'self' ${cdnUrls};`,
 },
 port: 4000,
 proxy: {
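Review bot: The preview policy keeps `blob:` in the unchanged `script-src` context line while the netlify.toml hunk in this same commit drops it, so the two report-only policies no longer agree and `vite preview` will not surface the script violations production will report; either change it to `script-src 'self' 'nonce-f51b9742' https://plausible.10bedicu.in;\` or add a comment explaining why preview is deliberately looser. The new `Content-Security-Policy-Report-Only` header here has no `report-uri`, so in report-only mode violations are visible only in the browser console — presumably fine for a local preview server, but a one-line comment (`// report-only with no report-uri: violations show in devtools only`) would stop anyone expecting them at the collector. The `defineConfig({` object that encloses this `preview.headers` block starts and ends outside the hunk.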