Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: configures report-only CSP for lab #2388

Merged
merged 19 commits into from
Jul 9, 2024
Merged

chore: configures report-only CSP for lab #2388

Changes from 1 commit
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
83b083b
chore: dogfood CSP in report-only mode
bkrem Jun 10, 2024
775d56d
fix: tweak CSP
chris13524 Jun 10, 2024
6133ce0
fix: data, blob
chris13524 Jun 10, 2024
f22ca17
More CSP items
chris13524 Jun 10, 2024
2b4b6c9
fix: whitelist further img-src hosts used by w3m
bkrem Jun 11, 2024
e159075
fix: remove avatars from CSP
chris13524 Jun 11, 2024
3c4ca7f
fix: use self-hosted metadata icon
chris13524 Jun 11, 2024
e9ee30a
Merge branch 'main' into chore/csp-dogfooding
bkrem Jun 12, 2024
925e1d1
fix: adds missing `wss://www.walletlink.org`
bkrem Jun 13, 2024
9eaa546
chore: apply Content-Security-Policy (remove report-only)
bkrem Jun 13, 2024
e6029fe
Merge branch 'main' into chore/csp-dogfooding
bkrem Jun 14, 2024
0b92cec
chore: whitelist lab.web3modal.com for img-src
bkrem Jun 17, 2024
11c5db5
chore: set report-only, set headers to report to Sentry
bkrem Jun 17, 2024
a5a81af
Merge branch 'main' into chore/csp-dogfooding
bkrem Jun 17, 2024
075ae58
fix: ensure `report-to` header is stringified as value
bkrem Jun 17, 2024
c0da801
Update apps/laboratory/next.config.js
bkrem Jul 8, 2024
0de5329
fix: only permit `unsafe-eval` for non-production builds
bkrem Jul 8, 2024
e387491
Merge branch 'main' into chore/csp-dogfooding
bkrem Jul 8, 2024
8011f77
Merge branch 'main' into chore/csp-dogfooding
bkrem Jul 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions apps/laboratory/next.config.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,34 @@
/** @type {import('next').NextConfig} */
const cspHeader = `
bkrem marked this conversation as resolved.
Show resolved Hide resolved
default-src 'self';
script-src 'self' 'unsafe-inline' 'unsafe-eval';
bkrem marked this conversation as resolved.
Show resolved Hide resolved
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
img-src 'self' data: https://walletconnect.org;
chris13524 marked this conversation as resolved.
Show resolved Hide resolved
font-src 'self' https://fonts.gstatic.com;
connect-src 'self' https://rpc.walletconnect.com https://rpc.walletconnect.org https://explorer.walletconnect.com https://explorer.walletconnect.org https://relay.walletconnect.com https://relay.walletconnect.org wss://relay.walletconnect.com wss://relay.walletconnect.org https://pulse.walletconnect.com https://pulse.walletconnect.org https://api.web3modal.com;
chris13524 marked this conversation as resolved.
Show resolved Hide resolved
frame-src 'self' https://verify.walletconnect.com https://verify.walletconnect.org;
chris13524 marked this conversation as resolved.
Show resolved Hide resolved
object-src 'none';
base-uri 'self';
form-action 'self';
frame-ancestors 'none';
`

const nextConfig = {
reactStrictMode: true,
trailingSlash: true,
distDir: 'out',
cleanDistDir: true,
async headers() {
return [
{
source: '/:path*',
headers: [
{
key: 'Content-Security-Policy-Report-Only',
value: cspHeader.replace(/\n/g, ' ').trim()
}
]
},
{
source: '/.well-known/apple-app-site-association',
headers: [{ key: 'content-type', value: 'application/json' }]
Expand Down
Loading