
Commit e68923f

fix: Worker security policy (#5093)
1 parent 9fb710a commit e68923f


1 file changed

+3
-0
lines changed


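--- a/site/site.go
+++ b/site/site.go
@@ -251,6 +251,7 @@ const (
 CSPDirectiveFormAction = "form-action"
 CSPDirectiveMediaSrc = "media-src"
 CSPFrameAncestors = "frame-ancestors"
+CSPDirectiveWorkerSrc = "worker-src"
 )
 
 func cspHeaders(next http.Handler) http.Handler {
@@ -283,6 +284,8 @@ func cspHeaders(next http.Handler) http.Handler {
 // Report all violations back to the server to log
 CSPDirectiveReportURI: {"/api/v2/csp/reports"},
 CSPFrameAncestors: {"'none'"},
+// worker for loading the .tar files on FE using js-untar
+CSPDirectiveWorkerSrc: {"'self' blob:"},
 
 // Only scripts can manipulate the dom. This prevents someone from
 // naming themselves something like '<svg onload="alert(/cross-site-scripting/)" />'.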
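Review bot: The new `CSPDirectiveWorkerSrc: {"'self' blob:"}` entry in the second hunk puts two source expressions into one slice element, and its comment does not say why `blob:` is needed, although `blob:` is the part that relaxes the policy. With it, worker code no longer has to come from a same-origin URL, so the restriction on what can run as a worker rests on whatever script-src allows; script-src is not visible in this hunk. I would split the value as `CSPDirectiveWorkerSrc: {"'self'", "blob:"},` if the map's convention is one source per element, which depends on how the header is serialized outside the hunk. I would also expand the comment to something like `// js-untar starts its worker from a blob: URL to unpack .tar files in the frontend; blob: is allowed for workers only.`, after confirming that is how js-untar loads its worker. The body of cspHeaders starts and ends outside the hunk, so the joining logic and the remaining directives could not be checked here.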
