Add CSP to Bull Dashboard

mei23 · Apr 14, 2024 · 00cb702 · 00cb702
1 parent 12cf8c6
commit 00cb702
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/packages/backend/src/server/web/index.ts b/packages/backend/src/server/web/index.ts
@@ -47,6 +47,16 @@ app.use(async (ctx, next) => {
 	// %71ueueとかでリクエストされたら困るため
 	const url = decodeURI(ctx.path);
 	if (url === bullBoardPath || url.startsWith(bullBoardPath + '/')) {
+		ctx.set('Content-Security-Policy',
+			`base-uri 'self'; `
+			+ `default-src 'none'; `
+			+ `script-src 'self'; `
+			+ `img-src 'self' https: data: blob:; `
+			+ `style-src 'self' 'unsafe-inline' https:; `
+			+ `font-src 'self' https:; `
+			+ `connect-src 'self' data: blob:; `
+			+ `frame-ancestors 'none'`);
+
 		if (!url.startsWith(bullBoardPath + '/static/')) {
 			ctx.set('Cache-Control', 'private, max-age=0, must-revalidate');
 		}