add: serve csp through header

This commit is contained in:
trisua 2025-06-15 23:52:33 -04:00
parent dd8e6561e6
commit 844e60df30
2 changed files with 4 additions and 5 deletions


@ -119,10 +119,10 @@ async fn main() {
.make_span_with(trace::DefaultMakeSpan::new().level(Level::INFO))
.on_response(trace::DefaultOnResponse::new().level(Level::INFO)),
)
// .layer(SetResponseHeaderLayer::if_not_present(
// HeaderName::from_static("X-Frame-Options"),
// HeaderValue::from_static("SAMEORIGIN"),
// ))
.layer(SetResponseHeaderLayer::if_not_present(
HeaderName::from_static("content-security-policy"),
HeaderValue::from_static("default-src 'self' blob: *.spotify.com musicbrainz.org; frame-ancestors 'self'; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' blob: *; script-src 'self' 'unsafe-inline' blob: *; object-src 'self' blob: *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self' blob: data: *"),
))
.layer(CatchPanicLayer::new());
let listener = tokio::net::TcpListener::bind(format!("0.0.0.0:{}", config.port))
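Review bot: The policy added in the new `SetResponseHeaderLayer` still carries `script-src 'self' 'unsafe-inline' blob: *` and `object-src 'self' blob: *`, so apart from `frame-ancestors 'self'` it does not actually constrain script execution — any injected inline script or any third-party script host passes, which is what a CSP exists to stop. Moving the policy to a header is the right call, since `frame-ancestors` is ignored in a `<meta>` tag and only takes effect from a response header, so this is the first time that directive will be enforced. If the app does not depend on inline or cross-origin scripts, consider tightening to `HeaderValue::from_static("default-src 'self' blob: *.spotify.com musicbrainz.org; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * data:; media-src *; font-src *; style-src 'self' 'unsafe-inline' blob:; script-src 'self' blob:; connect-src *; frame-src 'self' blob: *; upgrade-insecure-requests")` and, where a specific external script host is required, name it explicitly rather than using `*`; `connect-src * localhost` is also redundant because `*` already matches localhost. Note that `if_not_present` lets any handler that sets its own `content-security-policy` override this default, which is fine as a baseline but worth a one-line comment above the layer, e.g. `// Baseline CSP for every response; handlers may set a stricter policy themselves.` The surrounding `main` body starts and ends outside this hunk.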


@ -7,7 +7,6 @@
(meta ("charset" "UTF-8"))
(meta ("name" "viewport") ("content" "width=device-width, initial-scale=1.0"))
(meta ("http-equiv" "X-UA-Compatible") ("content" "ie=edge"))
(meta ("http-equiv" "content-security-policy") ("content" "default-src 'self' blob: *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' blob: *; script-src 'self' 'unsafe-inline' blob: *; object-src 'self' blob: *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self' blob: data: *"))
(link ("rel" "icon") ("href" "/public/favicon.svg"))
(link ("rel" "stylesheet") ("href" "/css/style.css"))