added unsafe inline as fallback to hash for script-src
This commit is contained in:
parent
25ef3a8a44
commit
14094d1ad0
|
@ -61,19 +61,19 @@ export default class MyDocument extends Document {
|
|||
}
|
||||
|
||||
render() {
|
||||
let csp = {
|
||||
...BASE_CSP_DIRECTIVES,
|
||||
'script-src': `'self' ${cspHashOf(
|
||||
const scriptDirective = {
|
||||
'script-src': `'unsafe-inline' 'self' ${cspHashOf(
|
||||
NextScript.getInlineScriptSource(this.props)
|
||||
)}`,
|
||||
};
|
||||
let csp = {
|
||||
...BASE_CSP_DIRECTIVES,
|
||||
...scriptDirective,
|
||||
};
|
||||
if (process.env.NODE_ENV !== 'production') {
|
||||
csp = {
|
||||
...BASE_CSP_DIRECTIVES,
|
||||
...csp,
|
||||
...DEV_CSP_DIRECTIVES,
|
||||
'script-src': `'unsafe-eval' 'self' ${cspHashOf(
|
||||
NextScript.getInlineScriptSource(this.props)
|
||||
)}`,
|
||||
};
|
||||
}
|
||||
return (
|
||||
|
|
Loading…
Reference in a new issue