diff --git a/apps/web/webpack.config.js b/apps/web/webpack.config.js index 3b472c45d4..0382f42870 100644 --- a/apps/web/webpack.config.js +++ b/apps/web/webpack.config.js @@ -218,68 +218,67 @@ const devServer = }, headers: (req) => { if (!req.originalUrl.includes("connector.html")) { - return [ - { - key: "Content-Security-Policy", - value: ` - default-src 'self'; - script-src - 'self' - 'sha256-ryoU+5+IUZTuUyTElqkrQGBJXr1brEv6r2CA62WUw8w=' - https://js.stripe.com - https://js.braintreegateway.com - https://www.paypalobjects.com; - style-src - 'self' - https://assets.braintreegateway.com - https://*.paypal.com - 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' - 'sha256-JVRXyYPueLWdwGwY9m/7u4QlZ1xeQdqUj2t8OVIzZE4='; - 'sha256-or0p3LaHetJ4FRq+flVORVFFNsOjQGWrDvX8Jf7ACWg=' - img-src - 'self' - data: - https://icons.bitwarden.net - https://*.paypal.com - https://www.paypalobjects.com - https://q.stripe.com - https://haveibeenpwned.com - https://www.gravatar.com; - child-src - 'self' - https://js.stripe.com - https://assets.braintreegateway.com - https://*.paypal.com - https://*.duosecurity.com; - frame-src - 'self' - https://js.stripe.com - https://assets.braintreegateway.com - https://*.paypal.com - https://*.duosecurity.com; - connect-src - 'self' - wss://notifications.bitwarden.com - https://notifications.bitwarden.com - https://cdn.bitwarden.net - https://api.pwnedpasswords.com - https://2fa.directory/api/v3/totp.json - https://api.stripe.com - https://www.paypal.com - https://api.braintreegateway.com - https://client-analytics.braintreegateway.com - https://*.braintree-api.com - https://*.blob.core.windows.net - https://app.simplelogin.io/api/alias/random/new - https://quack.duckduckgo.com/api/email/addresses - https://app.anonaddy.com/api/v1/aliases - https://api.fastmail.com - https://quack.duckduckgo.com/api/email/addresses; - object-src - 'self' - blob:;`, - }, - ]; + return { + "Content-Security-Policy": ` + default-src 'self' + ;script-src + 'self' + 'sha256-ryoU+5+IUZTuUyTElqkrQGBJXr1brEv6r2CA62WUw8w=' + https://js.stripe.com + https://js.braintreegateway.com + https://www.paypalobjects.com + ;style-src + 'self' + https://assets.braintreegateway.com + https://*.paypal.com + 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' + 'sha256-JVRXyYPueLWdwGwY9m/7u4QlZ1xeQdqUj2t8OVIzZE4=' + 'sha256-or0p3LaHetJ4FRq+flVORVFFNsOjQGWrDvX8Jf7ACWg=' + ;img-src + 'self' + data: + https://icons.bitwarden.net + https://*.paypal.com + https://www.paypalobjects.com + https://q.stripe.com + https://haveibeenpwned.com + https://www.gravatar.com + ;child-src + 'self' + https://js.stripe.com + https://assets.braintreegateway.com + https://*.paypal.com + https://*.duosecurity.com + ;frame-src + 'self' + https://js.stripe.com + https://assets.braintreegateway.com + https://*.paypal.com + https://*.duosecurity.com + ;connect-src + 'self' + wss://notifications.bitwarden.com + https://notifications.bitwarden.com + https://cdn.bitwarden.net + https://api.pwnedpasswords.com + https://2fa.directory/api/v3/totp.json + https://api.stripe.com + https://www.paypal.com + https://api.braintreegateway.com + https://client-analytics.braintreegateway.com + https://*.braintree-api.com + https://*.blob.core.windows.net + https://app.simplelogin.io/api/alias/random/new + https://quack.duckduckgo.com/api/email/addresses + https://app.anonaddy.com/api/v1/aliases + https://api.fastmail.com + ;object-src + 'self' + blob: + ;` + .replace(/\n/g, " ") + .replace(/ +(?= )/g, ""), + }; } }, hot: false,