Skip to content

Commit

Permalink
Add CSP header (#11921)
Browse files Browse the repository at this point in the history
  • Loading branch information
@timroes @suhomud
timroes authored and suhomud committed May 23, 2022
1 parent ed1f18d commit 2a6936e
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 0 deletions.
2 changes: 2 additions & 0 deletions airbyte-webapp/nginx/default.conf.template
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ server {
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;

add_header Content-Security-Policy "script-src * 'unsafe-inline';";

location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html;
Expand Down
6 changes: 6 additions & 0 deletions airbyte-webapp/src/setupProxy.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,12 @@
const express = require("express");

module.exports = (app) => {
// Set the CSP header in development to detect potential breakages.
// This should always match the header in airbyte-webapp/nginx/default.conf.template
app.use((req, resp, next) => {
resp.header("Content-Security-Policy", "script-src * 'unsafe-inline';");
next();
});
// Serve the doc markdowns and assets that are also bundled into the docker image
app.use("/docs/integrations", express.static(`${__dirname}/../../docs/integrations`));
app.use("/docs/.gitbook", express.static(`${__dirname}/../../docs/.gitbook`));
Expand Down

0 comments on commit 2a6936e

Please sign in to comment.