mirror of
https://github.com/coder/coder.git
synced 2025-07-09 11:45:56 +00:00
fix: Fix CSP for monaco editor (#5358)
This commit is contained in:
Bruno Quaresma
GitHub
@ -266,9 +266,12 @@ func cspHeaders(next http.Handler) http.Handler {
|
|||||||
CSPDirectiveDefaultSrc: {"'self'"},
|
CSPDirectiveDefaultSrc: {"'self'"},
|
||||||
CSPDirectiveConnectSrc: {"'self'"},
|
CSPDirectiveConnectSrc: {"'self'"},
|
||||||
CSPDirectiveChildSrc: {"'self'"},
|
CSPDirectiveChildSrc: {"'self'"},
|
||||||
CSPDirectiveScriptSrc: {"'self'"},
|
// https://cdn.jsdelivr.net is used by monaco editor on FE for Syntax Highlight
|
||||||
CSPDirectiveFontSrc: {"'self'"},
|
// https://github.com/suren-atoyan/monaco-react/issues/168
|
||||||
CSPDirectiveStyleSrc: {"'self' 'unsafe-inline'"},
|
CSPDirectiveScriptSrc: {"'self' https://cdn.jsdelivr.net"},
|
||||||
|
// data: is used by monaco editor on FE for Syntax Highlight
|
||||||
|
CSPDirectiveFontSrc: {"'self' data:"},
|
||||||
|
CSPDirectiveStyleSrc: {"'self' 'unsafe-inline'"},
|
||||||
// object-src is needed to support code-server
|
// object-src is needed to support code-server
|
||||||
CSPDirectiveObjectSrc: {"'self'"},
|
CSPDirectiveObjectSrc: {"'self'"},
|
||||||
// blob: for loading the pwa manifest for code-server
|
// blob: for loading the pwa manifest for code-server
|
||||||
|
|||||||
Reference in New Issue
Block a user