nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00
Code Activity

[PS-2416 and PS-2417] dont set CSP config value by default (#2667)

Browse Source 
* dont set CSP config value by default

* space
This commit is contained in:
Kyle Spearrin
2023-02-03 14:50:33 -05:00
committed by GitHub
parent 7e74695afc
commit 0e84678150
3 changed files with 30 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
util/Setup/Configuration.cs
View File

@ -76,13 +76,7 @@ public class Configuration
[Description("Nginx Header Content-Security-Policy parameter\n" +
"WARNING: Reconfiguring this parameter may break features. By changing this parameter\n" +
"you become responsible for maintaining this value.")]
public string NginxHeaderContentSecurityPolicy { get; set; } = "default-src 'self'; " +
"script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; " +
"img-src 'self' data: https://haveibeenpwned.com; " +
"child-src 'self' https://*.duosecurity.com https://*.duofederal.com; " +
"frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; " +
"connect-src 'self' wss://{0} https://api.pwnedpasswords.com " +
"https://api.2fa.directory; object-src 'self' blob:;";
public string NginxHeaderContentSecurityPolicy { get; set; }
[Description("Communicate with the Bitwarden push relay service (push.bitwarden.com) for mobile\n" +
"app live sync.")]