Skip to content

Commit

Permalink
Add blob urls to Content Security Policy headers (#2203)
Browse files Browse the repository at this point in the history
  • Loading branch information
Vanniix authored Jun 23, 2023
1 parent 14ff4ba commit a3687ae
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
6 changes: 3 additions & 3 deletions src/subcommand/server.rs
Original file line number Diff line number Diff line change
Expand Up @@ -788,11 +788,11 @@ impl Server {
);
headers.insert(
header::CONTENT_SECURITY_POLICY,
HeaderValue::from_static("default-src 'self' 'unsafe-eval' 'unsafe-inline' data:"),
HeaderValue::from_static("default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob:"),
);
headers.append(
header::CONTENT_SECURITY_POLICY,
HeaderValue::from_static("default-src *:*/content/ *:*/blockheight *:*/blockhash *:*/blockhash/ *:*/blocktime 'unsafe-eval' 'unsafe-inline' data:"),
HeaderValue::from_static("default-src *:*/content/ *:*/blockheight *:*/blockhash *:*/blockhash/ *:*/blocktime 'unsafe-eval' 'unsafe-inline' data: blob:"),
);
headers.insert(
header::CACHE_CONTROL,
Expand Down Expand Up @@ -2302,7 +2302,7 @@ mod tests {
server.assert_response_csp(
format!("/preview/{}", InscriptionId::from(txid)),
StatusCode::OK,
"default-src 'self' 'unsafe-eval' 'unsafe-inline' data:",
"default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob:",
"hello",
);
}
Expand Down
4 changes: 2 additions & 2 deletions tests/server.rs
Original file line number Diff line number Diff line change
Expand Up @@ -189,8 +189,8 @@ fn inscription_content() {
.into_iter()
.collect::<Vec<&http::HeaderValue>>(),
&[
"default-src 'self' 'unsafe-eval' 'unsafe-inline' data:",
"default-src *:*/content/ *:*/blockheight *:*/blockhash *:*/blockhash/ *:*/blocktime 'unsafe-eval' 'unsafe-inline' data:",
"default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob:",
"default-src *:*/content/ *:*/blockheight *:*/blockhash *:*/blockhash/ *:*/blocktime 'unsafe-eval' 'unsafe-inline' data: blob:",
]
);
assert_eq!(response.bytes().unwrap(), "FOO");
Expand Down

0 comments on commit a3687ae

Please sign in to comment.