Aktualisiere CSP zur Unterstützung von PSPDFKit durch Aktivierung von unsafe-inline, unsafe-eval, Blob-URLs und Anpassung verschiedener Quellrichtlinien.

2024-05-16 11:11:40 +02:00 · 2024-05-16 11:11:40 +02:00 · 81220ac9b4
commit 81220ac9b4
parent d7252ce888
2 changed files with 21 additions and 20 deletions
--- a/EnvelopeGenerator.Web/appsettings.json
+++ b/EnvelopeGenerator.Web/appsettings.json
@ -19,17 +19,18 @@
  },
  "PSPDFKitLicenseKey": null,
  /* The first format parameter {0} will be replaced by the nonce value. */
-  "TestCSP": false,
+  "TestCSP": true,
  "Content-Security-Policy": [
    "default-src 'self'",
-    "script-src 'self' 'nonce-{0}'",
-    "style-src 'self' 'nonce-{0}'",
-    "img-src 'self' data: https:",
+    "script-src 'self' 'nonce-{0}' 'unsafe-inline' 'unsafe-eval' blob: data:",
+    "style-src 'self' 'unsafe-inline'",
+    "img-src 'self' data: https: blob:",
    "font-src 'self'",
-    "connect-src 'self' http://localhost:* https://localhost:* ws://localhost:* wss://localhost:*",
+    "connect-src 'self' http://localhost:* https://localhost:* ws://localhost:* wss://localhost:* blob:",
    "frame-src 'self'",
    "media-src 'self'",
-    "object-src 'self'"
+    "object-src 'self'",
+    "worker-src 'self' blob: data:"
  ],
  "AdminPassword": "dd",
  "AllowedOrigins": [ "https://localhost:7202", "https://digitale.unterschrift.wisag.de/" ],