From b671641a283e59a38ad9f4922b58f0a99aa0bc70 Mon Sep 17 00:00:00 2001
From: Jeremy Wharton
Date: Wed, 30 Aug 2023 20:31:10 -0500
Subject: [PATCH] satellite/console: update CSP to include storjapi.io
This change updates our content security policy to include the domain storjapi.io and all of its subdomains.
References #6188
Change-Id: I6f3073bc32aa99626c54caf00bf07d2253ccbb8f
---
 satellite/console/consoleweb/server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/satellite/console/consoleweb/server.go b/satellite/console/consoleweb/server.go
index cfea2147c..8e09aa9c1 100644
--- a/satellite/console/consoleweb/server.go
+++ b/satellite/console/consoleweb/server.go
@@ -546,7 +546,7 @@ func (server *Server) setAppHeaders(w http.ResponseWriter, r *http.Request) {
 cspValues := []string{
 "default-src 'self'",
 "script-src 'sha256-wAqYV6m2PHGd1WDyFBnZmSoyfCK0jxFAns0vGbdiWUA=' 'self' *.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://hcaptcha.com *.hcaptcha.com",
- "connect-src 'self' *.tardigradeshare.io *.storjshare.io https://hcaptcha.com *.hcaptcha.com " + server.config.GatewayCredentialsRequestURL,
+ "connect-src 'self' *.tardigradeshare.io *.storjshare.io *.storjapi.io https://hcaptcha.com *.hcaptcha.com " + server.config.GatewayCredentialsRequestURL,
 "frame-ancestors " + server.config.FrameAncestors,
 "frame-src 'self' *.stripe.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://hcaptcha.com *.hcaptcha.com",
 "img-src 'self' data: blob: *.tardigradeshare.io *.storjshare.io *.storjsatelliteshare.io",
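Review bot: The added `*.storjapi.io` source in the `connect-src` entry matches subdomains only, because a CSP wildcard host does not match the bare `storjapi.io`, while the description says the domain itself is included. If the console ever connects to the apex, list it explicitly: `"connect-src 'self' *.tardigradeshare.io *.storjshare.io storjapi.io *.storjapi.io https://hcaptcha.com *.hcaptcha.com " + server.config.GatewayCredentialsRequestURL,`. The wildcard also lets page script open fetch/XHR/WebSocket connections to every host under that domain, so it is worth confirming that all of its subdomains are operated by the project, or narrowing the entry to the specific API hosts the console calls. A short comment above the entry naming which feature needs storjapi.io would make later tightening easier. `setAppHeaders` starts and ends outside this hunk, so how the values are joined and emitted is not visible here.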