From dd383be9c3ad613456c537def204f2ba51d7922d Mon Sep 17 00:00:00 2001
From: hossein
Date: Mon, 12 Aug 2024 17:24:24 +0330
Subject: [PATCH] chore: update address permissions (security)
---
 packages/webapp/next.config.js | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/packages/webapp/next.config.js b/packages/webapp/next.config.js
index 8649904a6..807998343 100644
--- a/packages/webapp/next.config.js
+++ b/packages/webapp/next.config.js
@@ -53,11 +53,11 @@ module.exports = withPWA({
 '*.supabase.co',
 '*.docs.plus',
 '*.localhost',
- process.env.NEXT_PUBLIC_RESTAPI_URL,
- process.env.NEXT_PUBLIC_PROVIDER_URL,
- process.env.NEXT_PUBLIC_SUPABASE_URL,
- process.env.NEXT_PUBLIC_SUPABASE_WS_URL
- ]
+ process.env.NEXT_PUBLIC_RESTAPI_URL || '',
+ process.env.NEXT_PUBLIC_PROVIDER_URL || '',
+ process.env.NEXT_PUBLIC_SUPABASE_URL || '',
+ process.env.NEXT_PUBLIC_SUPABASE_WS_URL || ''
+ ].filter(Boolean) // Filters out any empty strings

 return [
 {
@@ -66,15 +66,15 @@ module.exports = withPWA({
 contentSecurityPolicy: {
 directives: {
 defaultSrc: ["'self'"],
- scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
- styleSrc: ["'self'", "'unsafe-inline'"],
- imgSrc: allowAddress,
- connectSrc: allowAddress,
- fontSrc: ["'self'", 'data:'],
+ scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'", ...allowAddress],
+ styleSrc: ["'self'", "'unsafe-inline'", ...allowAddress],
+ imgSrc: [...allowAddress, '*'],
+ connectSrc: [...allowAddress, '*'],
+ fontSrc: ["'self'", 'data:', '*'],
 objectSrc: ["'none'"],
- frameSrc: ["'self'"],
- frameAncestors: ["'self'"],
- formAction: ["'self'"],
+ frameSrc: ["'self'", ...allowAddress],
+ frameAncestors: ["'self'", ...allowAddress],
+ formAction: ["'self'", ...allowAddress],
 upgradeInsecureRequests: []
 }
 },
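Review bot: The `|| ''` fallbacks on the four `process.env.NEXT_PUBLIC_*` entries are redundant, because `.filter(Boolean)` already drops `undefined`; the entries can stay as `process.env.NEXT_PUBLIC_RESTAPI_URL,` with only `].filter(Boolean)` added. Silently dropping an unset variable also hides a misconfigured deployment, so the trailing comment would be more useful as `// drop unset env vars so no empty source reaches the CSP; values must be bare origins`. The start of the `allowAddress` list is outside the hunk, so whether it already holds `'self'` cannot be confirmed from here.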
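Review bot: The `'*'` added to `imgSrc`, `connectSrc` and `fontSrc` makes the `allowAddress` list meaningless for those directives. On `connectSrc` it lets any script running in the page send data to an arbitrary host, which matters because `scriptSrc` still carries `'unsafe-inline'` and `'unsafe-eval'`. Spreading `allowAddress` into `scriptSrc`, `frameSrc`, `frameAncestors` and `formAction` also extends script loading, framing and form posting to every `*.supabase.co` and `*.localhost` origin; if other tenants can serve content under those shared wildcard domains (not verifiable from this hunk), the clickjacking and script-source protections are effectively lost. I would keep `connectSrc: allowAddress,` and `frameAncestors: ["'self'"],` as they were and add to each directive only the specific origins it needs, rather than the whole list. Since the commit is labelled as a security change, the description should state which blocked request motivated each loosened directive.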