Improve Content-Security-Policy (#25210)

element-hq · Apr 26, 2023 · afab952 · afab952
1 parent 59b6285
commit afab952
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/src/vector/index.html b/src/vector/index.html
@@ -26,7 +26,7 @@
     <meta http-equiv="Content-Security-Policy" content="
         default-src 'none';
         style-src 'self' 'unsafe-inline' <%= csp_extra_source %>;
-        script-src 'self' 'unsafe-eval' https://www.recaptcha.net https://www.gstatic.com <%= csp_extra_source %>;
+        script-src 'self' 'wasm-unsafe-eval' https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ <%= csp_extra_source %>;
         img-src * blob: data:;
         connect-src *;
         font-src 'self' data: <%= csp_extra_source %>;

diff --git a/webpack.config.js b/webpack.config.js
@@ -99,8 +99,8 @@ module.exports = (env, argv) => {
 
     const development = {};
     if (devMode) {
-        // High quality, embedded source maps for dev builds
-        development["devtool"] = "eval-source-map";
+        // Embedded source maps for dev builds, can't use eval-source-map due to CSP
+        development["devtool"] = "inline-source-map";
     } else {
         if (process.env.CI_PACKAGE) {
             // High quality source maps in separate .map files which include the source. This doesn't bulk up the .js