AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Aktualisiere CSP zur Unterstützung von PSPDFKit durch Aktivierung von unsafe-inline, unsafe-eval, Blob-URLs und Anpassung verschiedener Quellrichtlinien.

Browse Source
This commit is contained in:
Developer 02 2024-05-16 11:11:40 +02:00
parent d7252ce888
commit 81220ac9b4
2 changed files with 21 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
EnvelopeGenerator.Web/appsettings.json
View File

@ -19,17 +19,18 @@
}, },
"PSPDFKitLicenseKey": null, "PSPDFKitLicenseKey": null,
/* The first format parameter {0} will be replaced by the nonce value. */ /* The first format parameter {0} will be replaced by the nonce value. */
"TestCSP": false, "TestCSP": true,
"Content-Security-Policy": [ "Content-Security-Policy": [
"default-src 'self'", "default-src 'self'",
"script-src 'self' 'nonce-{0}'", "script-src 'self' 'nonce-{0}' 'unsafe-inline' 'unsafe-eval' blob: data:",
"style-src 'self' 'nonce-{0}'", "style-src 'self' 'unsafe-inline'",
"img-src 'self' data: https:", "img-src 'self' data: https: blob:",
"font-src 'self'", "font-src 'self'",
"connect-src 'self' http://localhost:* https://localhost:* ws://localhost:* wss://localhost:*", "connect-src 'self' http://localhost:* https://localhost:* ws://localhost:* wss://localhost:* blob:",
"frame-src 'self'", "frame-src 'self'",
"media-src 'self'", "media-src 'self'",
"object-src 'self'" "object-src 'self'",
"worker-src 'self' blob: data:"
], ],
"AdminPassword": "dd", "AdminPassword": "dd",
"AllowedOrigins": [ "https://localhost:7202", "https://digitale.unterschrift.wisag.de/" ], "AllowedOrigins": [ "https://localhost:7202", "https://digitale.unterschrift.wisag.de/" ],