Commit graph

30 commits

Author SHA1 Message Date
httpjamesm c680a81ce3 feat: monorepo, turbo config, minimal pkgs 2023-04-18 17:29:40 -04:00
Manav 2373dab221 Add the URL of the secondary hot storage in the CSP whitelist
Tested by: making this change, and connecting to Phoenix museum (which serves
the secondary hot storage), and verifying that the CSP policy reports that were
getting logged to console no longer appear.
2023-01-06 19:18:52 +05:30
Abhinav 7117669491 block object src to none 2022-03-02 15:44:53 +05:30
Abhinav 1296e961d6 allow blob uri as child-src 2022-03-02 15:42:56 +05:30
Abhinav b95223185d update csp 2022-03-01 10:35:01 +05:30
Abhinav 6b7885711c fix malformatted csp directive 2022-02-25 12:13:51 +05:30
Abhinav ab63fe86cd update _header file with new CSP headers 2022-02-20 19:08:27 +05:30
Abhinav 72ed18f7aa change csp to report only for deployment 2022-01-04 11:16:54 +05:30
Abhinav b789e628ae fix b2 domain for connect-src 2022-01-04 11:04:05 +05:30
Abhinav db3820aba0 add b2 upload URL domain to connect-src 2022-01-03 18:33:12 +05:30
Abhinav 09e4f89aa8 allow blob for script src 2022-01-03 16:02:18 +05:30
Abhinav 9c0f123fb9 allow blob for connect-src 2022-01-03 15:35:41 +05:30
Abhinav 52f0ac0027 update csp report URL 2022-01-03 15:10:01 +05:30
Abhinav 6e62f312bf update to use ente domain url for workers instead of worker.dev cf domains 2021-12-20 15:51:24 +05:30
Abhinav 7b739ae003 add suggested observatory header 2021-12-03 20:38:03 +05:30
Abhinav 7df09a17ea cleanup 2021-12-03 20:20:56 +05:30
Abhinav 5df92125f5 add unsafe eval to allow heif.js new Function() call 2021-12-03 17:23:16 +05:30
Abhinav 949dd07821 activate content security policy 2021-12-03 14:41:03 +05:30
Abhinav 5931bf87d0 add data: protocol for connect-src and remove require trusted for script 2021-12-03 14:40:12 +05:30
Abhinav 59b3745dbd add unsafe inline to style-src
no good solution to implement nonce and hash exists current

https://github.com/styled-components/styled-components/issues/2363

https://github.com/vercel/next.js/issues/18557#issuecomment-768205738
2021-12-02 15:28:17 +05:30
Abhinav e7bed748c4 fix report-uri 2021-12-02 14:49:11 +05:30
Abhinav a8ad8b22ff add missing report to and reporturi to 2021-12-02 14:47:00 +05:30
Abhinav 4b032058d7 move all directive except script-src to header 2021-12-02 14:33:36 +05:30
Abhinav d88e64b2c4 add mode block to xss protection 2021-12-02 13:02:38 +05:30
Abhinav 87f3f7aa67 add Referrer-Policy header 2021-12-02 12:29:00 +05:30
Abhinav 366a283f65 move csp to meta tag in document to add inline script hash 2021-12-02 12:03:25 +05:30
Abhinav 4580470812 changed object src to none 2021-12-02 10:12:47 +05:30
Abhinav d297b82887 fix csp self value, by adding quotes 2021-12-01 20:15:11 +05:30
Abhinav bfd869503d update csp to report only and add report URI 2021-12-01 18:37:10 +05:30
Abhinav ec699c148f added cloudflare headers config file 2021-12-01 12:39:35 +05:30