From 213e82499a4732778573192864aecdeba9a4c8b3 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 7 May 2019 15:32:19 -0500 Subject: [PATCH] Add Content-Security-Policy header to webpack so the dev server behaves like Pleroma production --- build/webpack.dev.conf.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/build/webpack.dev.conf.js b/build/webpack.dev.conf.js index eed01df9..fb90173a 100644 --- a/build/webpack.dev.conf.js +++ b/build/webpack.dev.conf.js @@ -46,6 +46,9 @@ const devWebpackConfig = merge(baseWebpackConfig, { quiet: true, // necessary for FriendlyErrorsPlugin watchOptions: { poll: config.dev.poll + }, + headers: { + 'content-security-policy': "base-uri 'self'; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; script-src 'self';" } }, plugins: [