commit 4283a49e0b96da5b9b6dcb2f93cb6c77c0d13c0e
parent 1e32db8c416c3c5853d5022c43a35830a1a8518b
Author: Jeremy Lin <jeremy.lin@gmail.com>
Date: Tue, 11 Oct 2022 21:25:29 -0700
Reformat CSP header for readability
Diffstat:
1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/src/util.rs b/src/util.rs
@@ -63,16 +63,30 @@ impl Fairing for AppHeaders {
// app.simplelogin.io, app.anonaddy.com, api.fastmail.com
let csp = format!(
"default-src 'self'; \
+ object-src 'self' blob:; \
script-src 'self'{script_src}; \
style-src 'self' 'unsafe-inline'; \
- img-src 'self' data: https://haveibeenpwned.com/ https://www.gravatar.com {icon_service_csp}; \
child-src 'self' https://*.duosecurity.com https://*.duofederal.com; \
frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; \
- connect-src 'self' https://api.pwnedpasswords.com/range/ https://2fa.directory/api/ https://app.simplelogin.io/api/ https://app.anonaddy.com/api/ https://api.fastmail.com/; \
- object-src 'self' blob:; \
- frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* {allowed_iframe_ancestors};",
- icon_service_csp=CONFIG._icon_service_csp(),
- allowed_iframe_ancestors=CONFIG.allowed_iframe_ancestors()
+ frame-ancestors 'self' \
+ chrome-extension://nngceckbapebfimnlniiiahkandclblb \
+ chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh \
+ moz-extension://* \
+ {allowed_iframe_ancestors}; \
+ img-src 'self' data: \
+ https://haveibeenpwned.com/ \
+ https://www.gravatar.com \
+ {icon_service_csp}; \
+ connect-src 'self' \
+ https://api.pwnedpasswords.com/range/ \
+ https://2fa.directory/api/ \
+ https://app.simplelogin.io/api/ \
+ https://app.anonaddy.com/api/ \
+ https://api.fastmail.com/ \
+ ;\
+ ",
+ icon_service_csp = CONFIG._icon_service_csp(),
+ allowed_iframe_ancestors = CONFIG.allowed_iframe_ancestors()
);
res.set_raw_header("Content-Security-Policy", csp);
res.set_raw_header("X-Frame-Options", "SAMEORIGIN");