usbharu
/
misskey
mirror of https://github.com/misskey-dev/misskey.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

unsafe-evalを削除

This commit is contained in:
Ry0taK 2023-02-11 12:50:03 +00:00
parent ffd4d44ecb
commit f9d254b3e1
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packages/backend/src/server/web/ClientServerService.ts
View File

@ -176,7 +176,7 @@ export class ClientServerService {
// XSSが存在した場合に影響を軽減する // XSSが存在した場合に影響を軽減する
// (script-srcにunsafe-inline等を追加すると意味が無くなるので注意) // (script-srcにunsafe-inline等を追加すると意味が無くなるので注意)
const csp = this.config.contentSecurityPolicy const csp = this.config.contentSecurityPolicy
?? 'script-src \'self\' \'unsafe-eval\' ' + ?? 'script-src \'self\' ' +
'https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/; ' + 'https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/; ' +
'base-uri \'self\'; object-src \'self\'; report-uri /csp-error'; 'base-uri \'self\'; object-src \'self\'; report-uri /csp-error';
reply.header('Content-Security-Policy-Report-Only', csp); reply.header('Content-Security-Policy-Report-Only', csp);