config.js
2.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
"use strict";
module.exports = {
directives: {
'base-uri': { type: 'sourceList' },
'block-all-mixed-content': { type: 'boolean' },
'child-src': { type: 'sourceList' },
'connect-src': { type: 'sourceList' },
'default-src': {
type: 'sourceList',
hasStrictDynamic: true,
},
'font-src': { type: 'sourceList' },
'form-action': { type: 'sourceList' },
'frame-ancestors': { type: 'sourceList' },
'frame-src': { type: 'sourceList' },
'img-src': { type: 'sourceList' },
'manifest-src': { type: 'sourceList' },
'media-src': { type: 'sourceList' },
'object-src': { type: 'sourceList' },
'script-src': {
type: 'sourceList',
hasUnsafes: true,
hasStrictDynamic: true,
},
'style-src': {
type: 'sourceList',
hasUnsafes: true,
},
'prefetch-src': { type: 'sourceList' },
'plugin-types': { type: 'pluginTypes' },
sandbox: { type: 'sandbox' },
'report-to': { type: 'reportUri' },
'report-uri': { type: 'reportUri' },
'require-sri-for': { type: 'requireSriFor' },
'upgrade-insecure-requests': { type: 'boolean' },
'worker-src': {
type: 'sourceList',
hasUnsafes: true,
},
},
allHeaders: [
'Content-Security-Policy',
'X-Content-Security-Policy',
'X-WebKit-CSP',
],
mustQuote: ['none', 'self', 'unsafe-inline', 'unsafe-eval', 'strict-dynamic'],
unsafes: ["'unsafe-inline'", 'unsafe-inline', "'unsafe-eval'", 'unsafe-eval'],
strictDynamics: ["'strict-dynamic'", 'strict-dynamic'],
requireSriForValues: ['script', 'style'],
sandboxDirectives: [
'allow-downloads',
'allow-downloads-without-user-activation',
'allow-forms',
'allow-modals',
'allow-orientation-lock',
'allow-pointer-lock',
'allow-popups',
'allow-popups-to-escape-sandbox',
'allow-presentation',
'allow-same-origin',
'allow-scripts',
'allow-top-navigation',
],
};