mirror of
https://github.com/QuivrHQ/quivr.git
synced 2024-12-14 17:03:29 +03:00
feat: configure CSP for self-hosting and multiple ports in dev mode (#1364)
Closes #1358 Closes #1359 ⚠️ Need to update the preview and prod environment with a "NEXT_PUBLIC_FRONTEND_URL" variable before merging.
This commit is contained in:
parent
77e135fb5b
commit
2c7d48cf4e
@ -1,5 +1,6 @@
|
||||
NEXT_PUBLIC_ENV=local
|
||||
NEXT_PUBLIC_BACKEND_URL=http://localhost:5050
|
||||
NEXT_PUBLIC_FRONTEND_URL=http://localhost:*
|
||||
NEXT_PUBLIC_SUPABASE_URL=<change-me>
|
||||
NEXT_PUBLIC_SUPABASE_ANON_KEY=<change-me>
|
||||
|
||||
@ -12,4 +13,3 @@ NEXT_PUBLIC_GA_ID=<ignore-me-or-change-me>
|
||||
NEXT_PUBLIC_E2E_URL=http://localhost:3003
|
||||
NEXT_PUBLIC_E2E_EMAIL=<ignore-me-or-change-me>
|
||||
NEXT_PUBLIC_E2E_PASSWORD=<ignore-me-or-change-me>
|
||||
|
||||
|
@ -24,11 +24,7 @@ const ContentSecurityPolicy = {
|
||||
"https://fonts.googleapis.com",
|
||||
process.env.NEXT_PUBLIC_SUPABASE_URL,
|
||||
"https://api.june.so",
|
||||
{
|
||||
prod: "https://www.quivr.app/",
|
||||
preview: "https://preview.quivr.app/",
|
||||
local: ["http://localhost:3000", "http://localhost:3001"],
|
||||
},
|
||||
process.env.NEXT_PUBLIC_FRONTEND_URL,
|
||||
],
|
||||
"connect-src": [
|
||||
"'self'",
|
||||
@ -43,44 +39,20 @@ const ContentSecurityPolicy = {
|
||||
"media-src": [
|
||||
"'self'",
|
||||
"https://user-images.githubusercontent.com",
|
||||
"https://www.quivr.app/",
|
||||
process.env.NEXT_PUBLIC_FRONTEND_URL,
|
||||
"https://quivr-cms.s3.eu-west-3.amazonaws.com",
|
||||
],
|
||||
"script-src": [
|
||||
"'unsafe-inline'",
|
||||
"'unsafe-eval'",
|
||||
"https://va.vercel-scripts.com/",
|
||||
{
|
||||
prod: "https://www.quivr.app/",
|
||||
preview: "https://preview.quivr.app/",
|
||||
local: ["http://localhost:3000", "http://localhost:3001"],
|
||||
},
|
||||
process.env.NEXT_PUBLIC_FRONTEND_URL,
|
||||
"https://www.google-analytics.com/",
|
||||
],
|
||||
"frame-ancestors": ["'none'"],
|
||||
"style-src": [
|
||||
"'unsafe-inline'",
|
||||
{
|
||||
prod: "https://www.quivr.app/",
|
||||
preview: "https://preview.quivr.app/",
|
||||
local: ["http://localhost:3000", "http://localhost:3001"],
|
||||
},
|
||||
],
|
||||
"style-src": ["'unsafe-inline'", process.env.NEXT_PUBLIC_FRONTEND_URL],
|
||||
};
|
||||
|
||||
// Resolve environment-specific CSP values
|
||||
for (const directive of Object.values(ContentSecurityPolicy)) {
|
||||
for (const [index, resource] of directive.entries()) {
|
||||
if (typeof resource === "string") {
|
||||
continue;
|
||||
}
|
||||
directive[index] = resource[process.env.NEXT_PUBLIC_ENV];
|
||||
if (Array.isArray(directive[index])) {
|
||||
directive[index] = directive[index].join(" ");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Build CSP string
|
||||
const cspString = Object.entries(ContentSecurityPolicy)
|
||||
.map(([key, values]) => `${key} ${values.join(" ")};`)
|
||||
|
Loading…
Reference in New Issue
Block a user