satellite/console: update CSP to include storjapi.io

This change updates our content security policy to include the domain
storjapi.io and all of its subdomains.

References #6188

Change-Id: I6f3073bc32aa99626c54caf00bf07d2253ccbb8f
Jeremy Wharton 2023-08-30 20:31:10 -05:00 committed by Storj Robot
parent c202929413
commit b671641a28


@ -546,7 +546,7 @@ func (server *Server) setAppHeaders(w http.ResponseWriter, r *http.Request) {
cspValues := []string{
"default-src 'self'",
"script-src 'sha256-wAqYV6m2PHGd1WDyFBnZmSoyfCK0jxFAns0vGbdiWUA=' 'self' *.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://hcaptcha.com *.hcaptcha.com",
"connect-src 'self' *.tardigradeshare.io *.storjshare.io https://hcaptcha.com *.hcaptcha.com " + server.config.GatewayCredentialsRequestURL,
"connect-src 'self' *.tardigradeshare.io *.storjshare.io *.storjapi.io https://hcaptcha.com *.hcaptcha.com " + server.config.GatewayCredentialsRequestURL,
"frame-ancestors " + server.config.FrameAncestors,
"frame-src 'self' *.stripe.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://hcaptcha.com *.hcaptcha.com",
"img-src 'self' data: blob: *.tardigradeshare.io *.storjshare.io *.storjsatelliteshare.io",
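Review bot: The new `connect-src` entry `*.storjapi.io` covers subdomains only. A CSP host wildcard does not match the bare host, so connections to `storjapi.io` itself would still be blocked, although the commit message says the domain and all of its subdomains are included. If the apex is meant to be reachable, list both sources, e.g. `... *.storjshare.io storjapi.io *.storjapi.io https://hcaptcha.com ...`. The wildcard also permits fetch/XHR/WebSocket connections to every host under that zone, so it is worth confirming that all of its subdomains are controlled by the project, and a short comment above `cspValues` saying which client feature needs this origin would help later audits. The body of setAppHeaders continues outside the hunk.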