coop-cloud-chaos-patchs/outline
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix: Restore DNS prefetching for static resources (#1820)

Browse Source 
* fix: Restore DNS prefetching for static resources

* fix: CDN paths
feat: preload instead of prefetch for key bundles

* csp

* fix: Turns out prefetch-src is still behind a flag in Chrome, not publicly available yet
This commit is contained in:
Tom Moor
2021-01-18 15:48:46 -08:00
committed by GitHub
parent 27fca28450
commit 3bace8c9e4
7 changed files with 76 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/app.js
View File

@ -23,21 +23,21 @@ const isProduction = process.env.NODE_ENV === "production";
const isTest = process.env.NODE_ENV === "test";
// Construct scripts CSP based on services in use by this installation
const defaultSrc = ["'self'"];
const scriptSrc = [
"'self'",
"'unsafe-inline'",
"'unsafe-eval'",
"gist.github.com",
"browser.sentry-cdn.com",
];
if (env.GOOGLE_ANALYTICS_ID) {
scriptSrc.push("www.google-analytics.com");
}
if (env.SENTRY_DSN) {
scriptSrc.push("browser.sentry-cdn.com");
}
if (env.CDN_URL) {
scriptSrc.push(env.CDN_URL);
defaultSrc.push(env.CDN_URL);
}
app.use(compress());
@ -167,7 +167,7 @@ app.use(helmet());
app.use(
contentSecurityPolicy({
directives: {
defaultSrc: ["'self'"],
defaultSrc,
scriptSrc,
styleSrc: ["'self'", "'unsafe-inline'", "github.githubassets.com"],
imgSrc: ["*", "data:", "blob:"],