mirror of
https://github.com/kremalicious/umami.git
synced 2024-12-24 18:26:20 +01:00
Fixed CSP issue, renamed var to ALLOWED_FRAME_URLS.
This commit is contained in:
parent
040420c5ec
commit
6316a0b917
@ -2,18 +2,13 @@
|
||||
require('dotenv').config();
|
||||
const pkg = require('./package.json');
|
||||
|
||||
const CLOUD_URL = 'https://cloud.umami.is';
|
||||
|
||||
// Space-separated list of URLs that can load the "Share" dashboard, i.e. http://app.localhost:7000 https://*.vercel.app
|
||||
const EMBED_HOSTED_URL = process.env.EMBED_HOSTED_URL;
|
||||
|
||||
const contentSecurityPolicy = `
|
||||
default-src 'self';
|
||||
img-src *;
|
||||
script-src 'self' 'unsafe-eval';
|
||||
style-src 'self' 'unsafe-inline';
|
||||
connect-src 'self' api.umami.is;
|
||||
frame-ancestors `self ${EMBED_HOSTED_URL}`;
|
||||
frame-ancestors 'self' ${process.env.ALLOWED_FRAME_URLS};
|
||||
`;
|
||||
|
||||
const headers = [
|
||||
@ -68,7 +63,7 @@ const redirects = [
|
||||
},
|
||||
];
|
||||
|
||||
if (process.env.CLOUD_MODE && process.env.DISABLE_LOGIN && process.env.CLOUD_URL) {
|
||||
if (process.env.CLOUD_MODE && process.env.CLOUD_URL && process.env.DISABLE_LOGIN) {
|
||||
redirects.push({
|
||||
source: '/login',
|
||||
destination: process.env.CLOUD_URL,
|
||||
|
Loading…
Reference in New Issue
Block a user