diff --git a/src/server/index.tsx b/src/server/index.tsx index 65f7308c..b2761867 100644 --- a/src/server/index.tsx +++ b/src/server/index.tsx @@ -11,7 +11,7 @@ import process from "process"; import serialize from "serialize-javascript"; import { App } from "../shared/components/app/app"; import { SYMBOLS } from "../shared/components/common/symbols"; -import { httpBaseInternal, wsUriBase } from "../shared/env"; +import { httpBaseInternal } from "../shared/env"; import { ILemmyConfig, InitialFetchRequest, @@ -27,15 +27,16 @@ const [hostname, port] = process.env["LEMMY_UI_HOST"] const extraThemesFolder = process.env["LEMMY_UI_EXTRA_THEMES_FOLDER"] || "./extra_themes"; -if (!process.env["LEMMY_UI_DEBUG"]) { - server.use(function (_req, res, next) { - res.setHeader( - "Content-Security-Policy", - `default-src 'none'; connect-src 'self' ${wsUriBase}; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'` - ); - next(); - }); -} +// Commenting out for now, since this broke iOS / webkit browsers. +// if (!process.env["LEMMY_UI_DEBUG"]) { +// server.use(function (_req, res, next) { +// res.setHeader( +// "Content-Security-Policy", +// `default-src 'none'; connect-src 'self' ${wsUriBase}; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'` +// ); +// next(); +// }); +// } const customHtmlHeader = process.env["LEMMY_UI_CUSTOM_HTML_HEADER"] || ""; server.use(express.json());