aljaz/ditto
1
0
Fork 0
mirror of https://github.com/aljazceru/ditto.git synced 2025-12-17 05:24:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

csp: use the sentry origin instead of the URL itself

Browse Source
This commit is contained in:
Alex Gleason
2024-11-14 20:28:14 -06:00
parent 3d376ba8b3
commit aea31bce5d
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/middleware/cspMiddleware.ts
View File

@@ -22,7 +22,12 @@ export const cspMiddleware = (): AppMiddleware => {
const connectSrc = ["'self'", 'blob:', origin, `${wsProtocol}//${host}`];
if (typeof sentryDsn === 'string') {
connectSrc.push(sentryDsn);
try {
const dsn = new URL(sentryDsn);
connectSrc.push(dsn.origin);
} catch {
// Ignore
}
}
const policies = [