fix: explicitly allow wss in CSP connectSrc
Build Institutional Trader / build-and-deploy (push) Successful in 2m13s
Details
Build Institutional Trader / build-and-deploy (push) Successful in 2m13s
Details
This commit is contained in:
parent
2dba57191b
commit
b3373d6d85
|
|
@ -10,6 +10,7 @@ export const setupSecurity = (app) => {
|
|||
defaultSrc: ["'self'"],
|
||||
styleSrc: ["'self'", "'unsafe-inline'"],
|
||||
scriptSrc: ["'self'", "https://static.cloudflareinsights.com", "'unsafe-inline'"],
|
||||
connectSrc: ["'self'", "ws:", "wss:", "http:", "https:"],
|
||||
imgSrc: ["'self'", 'data:', 'https:'],
|
||||
},
|
||||
},
|
||||
|
|
|
|||
Loading…
Reference in New Issue