remove style-src 'unsafe-inline' :)

iliana · iliana · commit 22f40bbfc2aa · 2024-04-12T15:04:41.000-07:00
diff --git a/vercel.json b/vercel.json
@@ -7,7 +7,7 @@
       "headers": [
         {
           "key": "content-security-policy",
-          "value": "default-src 'self'; style-src 'unsafe-inline' 'self'; frame-src 'none'; object-src 'none'; form-action 'none'; frame-ancestors 'none'"
+          "value": "default-src 'self'; frame-src 'none'; object-src 'none'; form-action 'none'; frame-ancestors 'none'"
         },
         { "key": "x-content-type-options", "value": "nosniff" },
         { "key": "x-frame-options", "value": "DENY" }
diff --git a/vite.config.ts b/vite.config.ts
@@ -82,7 +82,7 @@ const cspNonce = randomBytes(8).toString('hex')
 const csp = headers['content-security-policy']
 const devHeaders = {
   ...headers,
-  'content-security-policy': `${csp}; script-src 'nonce-${cspNonce}' 'self'`,
+  'content-security-policy': `${csp}; script-src 'nonce-${cspNonce}' 'self'; style-src 'nonce-${cspNonce}' 'self'`,
 }
 
 // see https://vitejs.dev/config/

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@`
`7`	`7`	`"headers": [`
`8`	`8`	`{`
`9`	`9`	`"key": "content-security-policy",`
`10`		`- "value": "default-src 'self'; style-src 'unsafe-inline' 'self'; frame-src 'none'; object-src 'none'; form-action 'none'; frame-ancestors 'none'"`
	`10`	`+ "value": "default-src 'self'; frame-src 'none'; object-src 'none'; form-action 'none'; frame-ancestors 'none'"`
`11`	`11`	`},`
`12`	`12`	`{ "key": "x-content-type-options", "value": "nosniff" },`
`13`	`13`	`{ "key": "x-frame-options", "value": "DENY" }`
Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,7 @@ const cspNonce = randomBytes(8).toString('hex')`
`82`	`82`	`const csp = headers['content-security-policy']`
`83`	`83`	`const devHeaders = {`
`84`	`84`	`...headers,`
`85`		- 'content-security-policy': `${csp}; script-src 'nonce-${cspNonce}' 'self'`,
	`85`	+ 'content-security-policy': `${csp}; script-src 'nonce-${cspNonce}' 'self'; style-src 'nonce-${cspNonce}' 'self'`,
`86`	`86`	`}`
`87`	`87`
`88`	`88`	`// see https://vitejs.dev/config/`