Aktualisiere CSP zur Unterstützung von PSPDFKit durch Aktivierung von unsafe-inline, unsafe-eval, Blob-URLs und Anpassung verschiedener Quellrichtlinien.
parent
d7252ce888
commit
81220ac9b4
@ -69,7 +69,7 @@
|
|||||||
|
|
||||||
var envelopeKey = ViewData["EnvelopeKey"] as string;
|
var envelopeKey = ViewData["EnvelopeKey"] as string;
|
||||||
|
|
||||||
<script nonce="@nonce">
|
<script nonce="@nonce">
|
||||||
var base64String = "@Html.Raw(documentBase64String.TrySanitize(_sanitizer))";
|
var base64String = "@Html.Raw(documentBase64String.TrySanitize(_sanitizer))";
|
||||||
var byteCharacters = atob(base64String);
|
var byteCharacters = atob(base64String);
|
||||||
var byteNumbers = new Array(byteCharacters.length);
|
var byteNumbers = new Array(byteCharacters.length);
|
||||||
@ -83,6 +83,6 @@
|
|||||||
const app = new App("#app", "@envelopeKey.TrySanitize(_sanitizer)", @Html.Raw(envelopeReceiverJson.TrySanitize(_sanitizer)), documentArrayBuffer, "@ViewData["PSPDFKitLicenseKey"]");
|
const app = new App("#app", "@envelopeKey.TrySanitize(_sanitizer)", @Html.Raw(envelopeReceiverJson.TrySanitize(_sanitizer)), documentArrayBuffer, "@ViewData["PSPDFKitLicenseKey"]");
|
||||||
await app.init();
|
await app.init();
|
||||||
})
|
})
|
||||||
</script>
|
</script>
|
||||||
}
|
}
|
||||||
<div id='app'></div>
|
<div id='app'></div>
|
||||||
@ -19,17 +19,18 @@
|
|||||||
},
|
},
|
||||||
"PSPDFKitLicenseKey": null,
|
"PSPDFKitLicenseKey": null,
|
||||||
/* The first format parameter {0} will be replaced by the nonce value. */
|
/* The first format parameter {0} will be replaced by the nonce value. */
|
||||||
"TestCSP": false,
|
"TestCSP": true,
|
||||||
"Content-Security-Policy": [
|
"Content-Security-Policy": [
|
||||||
"default-src 'self'",
|
"default-src 'self'",
|
||||||
"script-src 'self' 'nonce-{0}'",
|
"script-src 'self' 'nonce-{0}' 'unsafe-inline' 'unsafe-eval' blob: data:",
|
||||||
"style-src 'self' 'nonce-{0}'",
|
"style-src 'self' 'unsafe-inline'",
|
||||||
"img-src 'self' data: https:",
|
"img-src 'self' data: https: blob:",
|
||||||
"font-src 'self'",
|
"font-src 'self'",
|
||||||
"connect-src 'self' http://localhost:* https://localhost:* ws://localhost:* wss://localhost:*",
|
"connect-src 'self' http://localhost:* https://localhost:* ws://localhost:* wss://localhost:* blob:",
|
||||||
"frame-src 'self'",
|
"frame-src 'self'",
|
||||||
"media-src 'self'",
|
"media-src 'self'",
|
||||||
"object-src 'self'"
|
"object-src 'self'",
|
||||||
|
"worker-src 'self' blob: data:"
|
||||||
],
|
],
|
||||||
"AdminPassword": "dd",
|
"AdminPassword": "dd",
|
||||||
"AllowedOrigins": [ "https://localhost:7202", "https://digitale.unterschrift.wisag.de/" ],
|
"AllowedOrigins": [ "https://localhost:7202", "https://digitale.unterschrift.wisag.de/" ],
|
||||||
|
|||||||
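Review bot: The relaxed `script-src` in this section admits more than a WebAssembly-based viewer normally needs: `data:` allows script loads from data: URLs, `'unsafe-eval'` allows string-to-code evaluation, and `'unsafe-inline'` is ignored by CSP Level 2+ browsers as long as `'nonce-{0}'` is present, so it only weakens the policy on older browsers. If PSPDFKit needs only WebAssembly compilation and blob-backed workers (worth confirming against the vendor's CSP guidance), a narrower pair would be `"script-src 'self' 'nonce-{0}' 'wasm-unsafe-eval' blob:",` and `"worker-src 'self' blob:"`. `style-src` now drops the nonce entirely in favour of `'unsafe-inline'`; if the viewer really requires that, a comment beside the existing `{0}` comment, such as `/* style-src 'unsafe-inline' and the blob: sources are required by the PSPDFKit viewer; do not widen further. */`, would keep the exception from being copied elsewhere. The same section flips `"TestCSP"` to `true`; what it controls is not visible here, but if it switches the header to a test or report-only mode, the value should be overridden per environment and not committed as the default.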