mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
[BUGFIX] Relax CSP for trusted-types (#1036)
This will need to be revisited to re-introduce trusted-types when we have a clear handle on all the libraries and their implementation to support this.
This commit is contained in:
parent
fcd0b5e46a
commit
7488206195
|
@ -36,7 +36,7 @@ func ServeIndex(publicDir, base string) fasthttp.RequestHandler {
|
|||
nonce := utils.RandomString(32, alphaNumericRunes)
|
||||
|
||||
ctx.SetContentType("text/html; charset=utf-8")
|
||||
ctx.Response.Header.Add("Content-Security-Policy", fmt.Sprintf("default-src 'self'; object-src 'none'; require-trusted-types-for 'script'; style-src 'self' 'nonce-%s'", nonce))
|
||||
ctx.Response.Header.Add("Content-Security-Policy", fmt.Sprintf("default-src 'self'; object-src 'none'; style-src 'self' 'nonce-%s'", nonce))
|
||||
|
||||
err := tmpl.Execute(ctx.Response.BodyWriter(), struct{ CSPNonce, Base string }{CSPNonce: nonce, Base: base})
|
||||
if err != nil {
|
||||
|
|
Loading…
Reference in New Issue
Block a user