all repos — searchix @ 68cd867bf76a0bfe6c07c13acb25ac231de4998f

Search engine for NixOS, nix-darwin, home-manager and NUR users

build: optimise and fix handing of csp headers in dev mode
Alan Pearce alan@alanpearce.eu
Sun, 12 May 2024 12:56:47 +0200
commit

68cd867bf76a0bfe6c07c13acb25ac231de4998f

parent

628c2a858191cde34478b760b3c8c6c23a420088

1 files changed, 4 insertions(+), 3 deletions(-)

jump to
M internal/server/mux.gointernal/server/mux.go
@@ -11,7 +11,6 @@ "net/http" 	"net/url"
 	"os"
 	"path"
-	"slices"
 	"strconv"
 	"time"
 
@@ -69,8 +68,10 @@ Next           string }
 
 func applyDevModeOverrides(config *cfg.Config) {
-	config.CSP.ScriptSrc = slices.Insert(config.CSP.ScriptSrc, 0, "'unsafe-inline'")
-	config.CSP.ConnectSrc = slices.Insert(config.CSP.ConnectSrc, 0, "'self'")
+	if len(config.CSP.ScriptSrc) == 0 {
+		config.CSP.ScriptSrc = config.CSP.DefaultSrc
+	}
+	config.CSP.ScriptSrc = append(config.CSP.ScriptSrc, "'unsafe-inline'")
 }
 
 func NewMux(runtimeConfig *Config) (*http.ServeMux, error) {