StanGirard/quivr
1
1
Fork 0
mirror of https://github.com/StanGirard/quivr.git synced 2024-11-27 10:20:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

refactor: ♻️ ContentSecurityPolicy as an object (#1312)

Browse Source 
* ♻️  ContentSecurityPolicy as an object

* CSP: Remove redundant operation
This commit is contained in:
Matthieu Jacq 2023-10-03 16:16:02 +02:00 committed by GitHub
parent 958993a960
commit ed358c7fa3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 39 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
frontend/next.config.js
View File

@ -22,21 +22,50 @@ const nextConfig = {
},
};
const ContentSecurityPolicy = `
default-src 'self' https://fonts.googleapis.com ${process.env.NEXT_PUBLIC_SUPABASE_URL} https://api.june.so https://www.quivr.app/;
connect-src 'self' ${process.env.NEXT_PUBLIC_SUPABASE_URL} ${process.env.NEXT_PUBLIC_BACKEND_URL} https://api.june.so https://api.openai.com https://cdn.growthbook.io https://vitals.vercel-insights.com/v1/vitals;
img-src 'self' https://www.gravatar.com data:;
media-src 'self' https://user-images.githubusercontent.com https://www.quivr.app/ https://quivr-cms.s3.eu-west-3.amazonaws.com;
script-src 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com/ https://www.quivr.app/ https://www.google-analytics.com/;
frame-ancestors 'none';
style-src 'unsafe-inline' https://www.quivr.app/;
`;
const ContentSecurityPolicy = {
"default-src": [
"'self'",
"https://fonts.googleapis.com",
process.env.NEXT_PUBLIC_SUPABASE_URL,
"https://api.june.so",
"https://www.quivr.app/",
],
"connect-src": [
"'self'",
process.env.NEXT_PUBLIC_SUPABASE_URL,
process.env.NEXT_PUBLIC_BACKEND_URL,
"https://api.june.so",
"https://api.openai.com",
"https://cdn.growthbook.io",
"https://vitals.vercel-insights.com/v1/vitals",
],
"img-src": ["'self'", "https://www.gravatar.com", "data:"],
"media-src": [
"'self'",
"https://user-images.githubusercontent.com",
"https://www.quivr.app/",
"https://quivr-cms.s3.eu-west-3.amazonaws.com",
],
"script-src": [
"'unsafe-inline'",
"'unsafe-eval'",
"https://va.vercel-scripts.com/",
"https://www.quivr.app/",
"https://www.google-analytics.com/",
],
"frame-ancestors": ["'none'"],
"style-src": ["'unsafe-inline'", "https://www.quivr.app/"],
};
const cspString = Object.entries(ContentSecurityPolicy)
.map(([key, values]) => `${key} ${values.join(" ")};`)
.join(" ");
// Define headers
const securityHeaders = [
{
key: "Content-Security-Policy",
value: ContentSecurityPolicy.replace(/\n/g, ""),
value: cspString,
},
{
key: "Referrer-Policy",