Merge pull request #43 from PHS-TSA/checkboxes

Fix CSP
PHS-TSA · May 9, 2024 · 457b8e3 · 457b8e3
2 parents c3af851 + 26b812e
commit 457b8e3
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/src/utils/csp.ts b/src/utils/csp.ts
@@ -1,19 +1,29 @@
-import { SELF, UNSAFE_INLINE, useCSP } from "$fresh/runtime.ts";
+import {
+  NONE,
+  SELF,
+  STRICT_DYNAMIC,
+  UNSAFE_INLINE,
+  useCSP,
+} from "$fresh/runtime.ts";
 
 export function useCsp(): void {
   useCSP((csp) => {
+    csp.directives.scriptSrc ??= [];
     csp.directives.scriptSrcElem ??= [];
     csp.directives.styleSrc ??= [];
     csp.directives.styleSrcElem ??= [];
     csp.directives.imgSrc ??= [];
     csp.directives.connectSrc ??= [];
     csp.directives.manifestSrc ??= [];
+    csp.directives.baseUri ??= [];
 
+    csp.directives.scriptSrc.push(STRICT_DYNAMIC, UNSAFE_INLINE);
     csp.directives.scriptSrcElem.push(SELF, UNSAFE_INLINE);
     csp.directives.styleSrc.push(SELF);
-    csp.directives.styleSrcElem.push(SELF, UNSAFE_INLINE);
-    csp.directives.imgSrc.push(SELF);
+    csp.directives.styleSrcElem.push(SELF, STRICT_DYNAMIC);
+    csp.directives.imgSrc.push(SELF, "data:");
     csp.directives.connectSrc.push(SELF);
     csp.directives.manifestSrc.push(SELF);
+    csp.directives.baseUri.push(NONE);
   });
 }