nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-06 21:48:12 -05:00
Code

add websockets to CSP

Browse Source
This commit is contained in:
Kyle Spearrin 2018-08-21 11:54:03 -04:00
parent fb1cae9fb1
commit fb92f67053
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
util/Setup/NginxConfigBuilder.cs
View File

@ -14,7 +14,7 @@ namespace Bit.Setup
"default-src 'self'; style-src 'self' 'unsafe-inline'; " + "default-src 'self'; style-src 'self' 'unsafe-inline'; " +
"img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; " + "img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; " +
"child-src 'self' https://*.duosecurity.com; frame-src 'self' https://*.duosecurity.com; " + "child-src 'self' https://*.duosecurity.com; frame-src 'self' https://*.duosecurity.com; " +
"connect-src 'self' https://haveibeenpwned.com https://api.pwnedpasswords.com;"; "connect-src 'self' wss://{0} https://haveibeenpwned.com https://api.pwnedpasswords.com;";
public NginxConfigBuilder(string domain, string url, bool ssl, bool selfSignedSsl, bool letsEncrypt, public NginxConfigBuilder(string domain, string url, bool ssl, bool selfSignedSsl, bool letsEncrypt,
bool trusted, bool diffieHellman) bool trusted, bool diffieHellman)
@ -147,7 +147,7 @@ server {{
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection ""1; mode=block""; add_header X-XSS-Protection ""1; mode=block"";
add_header Referrer-Policy same-origin; add_header Referrer-Policy same-origin;
add_header Content-Security-Policy ""{ContentSecurityPolicy}""; add_header Content-Security-Policy ""{string.Format(ContentSecurityPolicy, Domain)}"";
}} }}
location = /app-id.json {{ location = /app-id.json {{