MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

make directives immutable

This commit is contained in:
Martin McKeaveney 2024-11-10 13:11:49 +00:00
parent 1543e6dc2b
commit 9525cf8682
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
packages/backend-core/src/middleware/contentSecurityPolicy.ts
View File

@ -90,11 +90,12 @@ export async function contentSecurityPolicy(ctx: any, next: any) {
try {
const nonce = crypto.randomBytes(16).toString("base64")
CSP_DIRECTIVES["script-src"].push(`'nonce-${nonce}'`)
const directives = { ...CSP_DIRECTIVES }
directives["script-src"] = [...CSP_DIRECTIVES["script-src"], `'nonce-${nonce}'`]
ctx.state.nonce = nonce
const cspHeader = Object.entries(CSP_DIRECTIVES)
const cspHeader = Object.entries(directives)
.map(([key, sources]) => `${key} ${sources.join(" ")}`)
.join("; ")
ctx.set("Content-Security-Policy", cspHeader)