mirror of
https://github.com/StanGirard/quivr.git
synced 2024-11-30 11:46:32 +03:00
refactor: ♻️ ContentSecurityPolicy as an object (#1312)
* ♻️ ContentSecurityPolicy as an object
* CSP: Remove redundant operation
This commit is contained in:
parent
958993a960
commit
ed358c7fa3
@ -22,21 +22,50 @@ const nextConfig = {
|
||||
},
|
||||
};
|
||||
|
||||
const ContentSecurityPolicy = `
|
||||
default-src 'self' https://fonts.googleapis.com ${process.env.NEXT_PUBLIC_SUPABASE_URL} https://api.june.so https://www.quivr.app/;
|
||||
connect-src 'self' ${process.env.NEXT_PUBLIC_SUPABASE_URL} ${process.env.NEXT_PUBLIC_BACKEND_URL} https://api.june.so https://api.openai.com https://cdn.growthbook.io https://vitals.vercel-insights.com/v1/vitals;
|
||||
img-src 'self' https://www.gravatar.com data:;
|
||||
media-src 'self' https://user-images.githubusercontent.com https://www.quivr.app/ https://quivr-cms.s3.eu-west-3.amazonaws.com;
|
||||
script-src 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com/ https://www.quivr.app/ https://www.google-analytics.com/;
|
||||
frame-ancestors 'none';
|
||||
style-src 'unsafe-inline' https://www.quivr.app/;
|
||||
`;
|
||||
const ContentSecurityPolicy = {
|
||||
"default-src": [
|
||||
"'self'",
|
||||
"https://fonts.googleapis.com",
|
||||
process.env.NEXT_PUBLIC_SUPABASE_URL,
|
||||
"https://api.june.so",
|
||||
"https://www.quivr.app/",
|
||||
],
|
||||
"connect-src": [
|
||||
"'self'",
|
||||
process.env.NEXT_PUBLIC_SUPABASE_URL,
|
||||
process.env.NEXT_PUBLIC_BACKEND_URL,
|
||||
"https://api.june.so",
|
||||
"https://api.openai.com",
|
||||
"https://cdn.growthbook.io",
|
||||
"https://vitals.vercel-insights.com/v1/vitals",
|
||||
],
|
||||
"img-src": ["'self'", "https://www.gravatar.com", "data:"],
|
||||
"media-src": [
|
||||
"'self'",
|
||||
"https://user-images.githubusercontent.com",
|
||||
"https://www.quivr.app/",
|
||||
"https://quivr-cms.s3.eu-west-3.amazonaws.com",
|
||||
],
|
||||
"script-src": [
|
||||
"'unsafe-inline'",
|
||||
"'unsafe-eval'",
|
||||
"https://va.vercel-scripts.com/",
|
||||
"https://www.quivr.app/",
|
||||
"https://www.google-analytics.com/",
|
||||
],
|
||||
"frame-ancestors": ["'none'"],
|
||||
"style-src": ["'unsafe-inline'", "https://www.quivr.app/"],
|
||||
};
|
||||
|
||||
const cspString = Object.entries(ContentSecurityPolicy)
|
||||
.map(([key, values]) => `${key} ${values.join(" ")};`)
|
||||
.join(" ");
|
||||
|
||||
// Define headers
|
||||
const securityHeaders = [
|
||||
{
|
||||
key: "Content-Security-Policy",
|
||||
value: ContentSecurityPolicy.replace(/\n/g, ""),
|
||||
value: cspString,
|
||||
},
|
||||
{
|
||||
key: "Referrer-Policy",
|
||||
|
Loading…
Reference in New Issue
Block a user