Fixing CSP for iOS devices. Fixes #669

This commit is contained in:
Dessalines 2022-06-01 12:42:02 -04:00
parent 9f9b9ca115
commit e9892292f9
2 changed files with 11 additions and 12 deletions

View file

@ -11,7 +11,7 @@ import process from "process";
import serialize from "serialize-javascript"; import serialize from "serialize-javascript";
import { App } from "../shared/components/app/app"; import { App } from "../shared/components/app/app";
import { SYMBOLS } from "../shared/components/common/symbols"; import { SYMBOLS } from "../shared/components/common/symbols";
import { httpBaseInternal } from "../shared/env"; import { httpBaseInternal, wsUriBase } from "../shared/env";
import { import {
ILemmyConfig, ILemmyConfig,
InitialFetchRequest, InitialFetchRequest,
@ -27,16 +27,15 @@ const [hostname, port] = process.env["LEMMY_UI_HOST"]
const extraThemesFolder = const extraThemesFolder =
process.env["LEMMY_UI_EXTRA_THEMES_FOLDER"] || "./extra_themes"; process.env["LEMMY_UI_EXTRA_THEMES_FOLDER"] || "./extra_themes";
// Commenting out for now, since this broke iOS / webkit browsers. if (!process.env["LEMMY_UI_DEBUG"]) {
// if (!process.env["LEMMY_UI_DEBUG"]) { server.use(function (_req, res, next) {
// server.use(function (_req, res, next) { res.setHeader(
// res.setHeader( "Content-Security-Policy",
// "Content-Security-Policy", `default-src 'none'; connect-src 'self' ${wsUriBase}; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'`
// `default-src 'none'; connect-src 'self' ${wsUriBase}; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'` );
// ); next();
// next(); });
// }); }
// }
const customHtmlHeader = process.env["LEMMY_UI_CUSTOM_HTML_HEADER"] || ""; const customHtmlHeader = process.env["LEMMY_UI_CUSTOM_HTML_HEADER"] || "";
server.use(express.json()); server.use(express.json());

View file

@ -29,7 +29,7 @@ if (isBrowser()) {
// server-side // server-side
externalHost = process.env.LEMMY_EXTERNAL_HOST || testHost; externalHost = process.env.LEMMY_EXTERNAL_HOST || testHost;
host = internalHost; host = internalHost;
wsHost = process.env.LEMMY_WS_HOST || host; wsHost = process.env.LEMMY_WS_HOST || externalHost;
secure = process.env.LEMMY_HTTPS == "true" ? "s" : ""; secure = process.env.LEMMY_HTTPS == "true" ? "s" : "";
} }