build: optimise and fix handing of csp headers in dev mode
Alan Pearce alan@alanpearce.eu
Sun, 12 May 2024 12:56:47 +0200
1 files changed, 4 insertions(+), 3 deletions(-)
jump to
M internal/server/mux.go → internal/server/mux.go
@@ -11,7 +11,6 @@ "net/http" "net/url" "os" "path" - "slices" "strconv" "time" @@ -69,8 +68,10 @@ Next string } func applyDevModeOverrides(config *cfg.Config) { - config.CSP.ScriptSrc = slices.Insert(config.CSP.ScriptSrc, 0, "'unsafe-inline'") - config.CSP.ConnectSrc = slices.Insert(config.CSP.ConnectSrc, 0, "'self'") + if len(config.CSP.ScriptSrc) == 0 { + config.CSP.ScriptSrc = config.CSP.DefaultSrc + } + config.CSP.ScriptSrc = append(config.CSP.ScriptSrc, "'unsafe-inline'") } func NewMux(runtimeConfig *Config) (*http.ServeMux, error) {