Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00
Code Issues Activity

refactor(core): allow cloudflare insights origin in csp (#6375)

Browse source 
refactor(core): allow cloudflare csp
This commit is contained in:
Gao Sun 2024-08-01 10:18:22 +08:00 committed by GitHub
parent cf31e3a5af
commit 5fd5353383
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
packages/core/src/middleware/koa-security-headers.ts
View file

@ -105,6 +105,9 @@ export default function koaSecurityHeaders<StateT, ContextT, ResponseBodyT>(
"'self'",
"'unsafe-inline'",
`${gsiOrigin}client`,
// Some of our users may use the Cloudflare Web Analytics service. We need to allow it to
// load its scripts.
'https://static.cloudflareinsights.com/',
...conditionalArray(!isProduction && "'unsafe-eval'"),
],
connectSrc: ["'self'", gsiOrigin, tenantEndpointOrigin, ...developmentOrigins],