Add Content-Security-Policy header to webpack so the dev server behaves like Pleroma production

213e8249 · feld · 6fdbd444 · 213e8249
Commit 213e8249 authored 5 years ago by feld
--- a/build/webpack.dev.conf.js
+++ b/build/webpack.dev.conf.js
@@ -46,6 +46,9 @@ const devWebpackConfig = merge(baseWebpackConfig, {
    quiet: true, // necessary for FriendlyErrorsPlugin
    watchOptions: {
      poll: config.dev.poll
+    },
+    headers: {
+      'content-security-policy': "base-uri 'self'; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; script-src 'self';"
    }
  },
  plugins: [