mirror of
https://github.com/logto-io/logto.git
synced 2024-12-16 20:26:19 -05:00
refactor(core): allow cloudflare insights origin in csp (#6375)
refactor(core): allow cloudflare csp
This commit is contained in:
parent
cf31e3a5af
commit
5fd5353383
1 changed files with 3 additions and 0 deletions
|
@ -105,6 +105,9 @@ export default function koaSecurityHeaders<StateT, ContextT, ResponseBodyT>(
|
||||||
"'self'",
|
"'self'",
|
||||||
"'unsafe-inline'",
|
"'unsafe-inline'",
|
||||||
`${gsiOrigin}client`,
|
`${gsiOrigin}client`,
|
||||||
|
// Some of our users may use the Cloudflare Web Analytics service. We need to allow it to
|
||||||
|
// load its scripts.
|
||||||
|
'https://static.cloudflareinsights.com/',
|
||||||
...conditionalArray(!isProduction && "'unsafe-eval'"),
|
...conditionalArray(!isProduction && "'unsafe-eval'"),
|
||||||
],
|
],
|
||||||
connectSrc: ["'self'", gsiOrigin, tenantEndpointOrigin, ...developmentOrigins],
|
connectSrc: ["'self'", gsiOrigin, tenantEndpointOrigin, ...developmentOrigins],
|
||||||
|
|
Loading…
Reference in a new issue