mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00

refactor(core): allow cloudflare insights origin in csp (#6375)

refactor(core): allow cloudflare csp
Gao Sun 2024-08-01 10:18:22 +08:00 committed by GitHub
parent cf31e3a5af
commit 5fd5353383
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -105,6 +105,9 @@ export default function koaSecurityHeaders<StateT, ContextT, ResponseBodyT>(
"'self'", "'self'",
"'unsafe-inline'", "'unsafe-inline'",
`${gsiOrigin}client`, `${gsiOrigin}client`,
// Some of our users may use the Cloudflare Web Analytics service. We need to allow it to
// load its scripts.
'https://static.cloudflareinsights.com/',
...conditionalArray(!isProduction && "'unsafe-eval'"), ...conditionalArray(!isProduction && "'unsafe-eval'"),
], ],
connectSrc: ["'self'", gsiOrigin, tenantEndpointOrigin, ...developmentOrigins], connectSrc: ["'self'", gsiOrigin, tenantEndpointOrigin, ...developmentOrigins],
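Review bot: The new `'https://static.cloudflareinsights.com/'` entry lets the Cloudflare beacon script load, but the `connectSrc` list just below it still holds only `'self'`, `gsiOrigin`, `tenantEndpointOrigin` and the development origins. If this policy is enforced, the beacon's reporting requests (Cloudflare documents them as going to `cloudflareinsights.com`) would presumably be blocked, so please confirm and add the matching origin to `connectSrc` if needed. The entry is also unconditional, so every tenant's pages now trust a third-party script host whether or not the tenant uses Web Analytics; consider gating it with `conditionalArray(...)` on a setting, as is done for `'unsafe-eval'`, and have the comment state which pages this policy covers. The enclosing directive and `koaSecurityHeaders` begin outside the hunk, so this assumes the list is the script-src one.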