
DCXY-18423 add child-src rule, with blob: for dev and stage
Adam Peller committed Jul 23, 2023
1 parent 65eda6d commit 4d8ab67
Showing 4 changed files with 22 additions and 4 deletions.
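--- a/acrobat/scripts/contentSecurityPolicy/csp.js
+++ b/acrobat/scripts/contentSecurityPolicy/csp.js
@@ -21,7 +21,8 @@ async function getCspEnv() {
 export default async function ContentSecurityPolicy() {
 const { default: ENV } = await getCspEnv();
 
-const theCSP = `connect-src ${ENV.connectSrc.join(' ')}\
+const theCSP = `child-src ${ENV.childSrc.join(' ')}\
+connect-src ${ENV.connectSrc.join(' ')}\
 default-src ${ENV.defaultSrc.join(' ')}\
 font-src ${ENV.fontSrc.join(' ')}\
 form-action ${ENV.formAction.join(' ')}\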
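Review bot: `ENV.childSrc.join(' ')` on the new first line of `theCSP` throws a TypeError when the module returned by `getCspEnv()` has no `childSrc` export, and because it sits inside the template literal the whole policy string is lost rather than just this directive. This commit adds `childSrc` to dev.js, prod.js and stage.js; if `getCspEnv()` (its body is outside the hunk) can resolve to any other module, that module needs the list as well. A rejected `ContentSecurityPolicy()` presumably leaves the page without any policy, so I would document the required shape above the template, e.g. `// every env module must export each directive list used below, terminated by ';' — a missing list rejects this function and no CSP is applied`. The function body continues past the end of the hunk.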
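--- a/acrobat/scripts/contentSecurityPolicy/dev.js
+++ b/acrobat/scripts/contentSecurityPolicy/dev.js
@@ -1,3 +1,9 @@
+const childSrc = [
+'\'self\'',
+'blob:',
+';',
+];
+
 const connectSrc = [
 '\'self\'',
 'blob:',
@@ -225,4 +231,4 @@ const workerSrc = [
 // TRY This
 // use variables for the different domians
 
-export default { connectSrc, defaultSrc, fontSrc, formAction, frameSrc, imgSrc, manifestSrc, scriptSrc, styleSrc, workerSrc};
+export default { childSrc, connectSrc, defaultSrc, fontSrc, formAction, frameSrc, imgSrc, manifestSrc, scriptSrc, styleSrc, workerSrc};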
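Review bot: `'blob:'` in `childSrc` here and in stage.js (prod.js lists only `'self'`) carries no comment saying what needs it, and it lets any blob URL created by page script be loaded as a frame or worker wherever child-src is the directive consulted. The split also means stage no longer exercises the policy that production enforces, so a flow that depends on blob: children will pass on stage and be blocked in prod. I would record the reason and scope next to the entry, e.g. `'blob:', // dev/stage only: needed by <feature>; prod child-src stays 'self'`, and ideally keep stage identical to prod.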
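--- a/acrobat/scripts/contentSecurityPolicy/prod.js
+++ b/acrobat/scripts/contentSecurityPolicy/prod.js
@@ -1,3 +1,8 @@
+const childSrc = [
+'\'self\'',
+';',
+];
+
 const connectSrc = [
 '\'self\'',
 'blob:',
@@ -239,4 +244,4 @@ const workerSrc = [
 ';',
 ];
 
-export default { connectSrc, defaultSrc, fontSrc, formAction, frameSrc, imgSrc, manifestSrc, scriptSrc, styleSrc, workerSrc};
+export default { childSrc, connectSrc, defaultSrc, fontSrc, formAction, frameSrc, imgSrc, manifestSrc, scriptSrc, styleSrc, workerSrc};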
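Review bot: The new `childSrc` list in prod.js allows only `'self'`, but child-src is a fallback directive: browsers consult it for frames and workers only when frame-src or worker-src is absent or not implemented, and the export line shows that `frameSrc` and `workerSrc` lists both exist. Where worker-src is not implemented, this directive rather than the earlier fallback now governs workers, so a source that prod's `workerSrc` allows (its contents are outside the hunk) but `'self'` does not would be blocked only in those browsers. It is worth confirming the lists agree for prod and recording the intent, e.g. `// child-src: fallback for browsers without worker-src; keep in sync with workerSrc/frameSrc`.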
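--- a/acrobat/scripts/contentSecurityPolicy/stage.js
+++ b/acrobat/scripts/contentSecurityPolicy/stage.js
@@ -1,3 +1,9 @@
+const childSrc = [
+'\'self\'',
+'blob:',
+';',
+];
+
 const connectSrc = [
 '\'self\'',
 'blob:',
@@ -258,4 +264,4 @@ const workerSrc = [
 ';',
 ];
 
-export default { connectSrc, defaultSrc, fontSrc, formAction, frameSrc, imgSrc, manifestSrc, scriptSrc, styleSrc, workerSrc};
+export default { childSrc, connectSrc, defaultSrc, fontSrc, formAction, frameSrc, imgSrc, manifestSrc, scriptSrc, styleSrc, workerSrc};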
