Skip to content

Commit 52fd081

Browse files
sobermsoberm
committed
fix: csp violation
1 parent 2306576 commit 52fd081

File tree

1 file changed

+10
-5
lines changed

1 file changed

+10
-5
lines changed

src/pages/_document.tsx

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
import crypto from 'crypto';
22
import Document, { Html, Head, Main, NextScript } from 'next/document';
3+
import { ALGOLIA_APP_ID } from '../constants/algolia';
34

45
const cspHashOf = (text) => {
56
const hash = crypto.createHash('sha256');
@@ -14,7 +15,7 @@ const ANALYTICS_CSP = {
1415
'https://aws.demdex.net',
1516
'https://dpm.demdex.net',
1617
'https://cm.everesttech.net',
17-
'*.shortbread.aws.dev'
18+
'https://prod.assets.shortbread.aws.dev https://prod.tools.shortbread.aws https://prod.tools.shortbread.aws.dev'
1819
],
1920
img: [
2021
'https://amazonwebservices.d2.sc.omtrdc.net',
@@ -23,8 +24,12 @@ const ANALYTICS_CSP = {
2324
'https://cm.everesttech.net'
2425
],
2526
frame: ['https://aws.demdex.net', 'https://dpm.demdex.net'],
26-
script: ['*.shortbread.aws.dev'],
27-
style: ['*.shortbread.aws.dev']
27+
script: [
28+
'https://prod.assets.shortbread.aws.dev https://prod.tools.shortbread.aws https://prod.log.shortbread.aws.dev'
29+
],
30+
style: [
31+
'https://prod.assets.shortbread.aws.dev https://prod.tools.shortbread.aws https://prod.log.shortbread.aws.dev'
32+
]
2833
},
2934
prod: {
3035
connect: [
@@ -71,7 +76,7 @@ const getCspContent = (context) => {
7176
' '
7277
)} ${ANALYTICS_CSP.alpha.connect.join(
7378
' '
74-
)} https://*.algolia.net https://*.algolianet.com *.amazonaws.com;
79+
)} https://${ALGOLIA_APP_ID}-dsn.algolia.net https://${ALGOLIA_APP_ID}-1.algolianet.com https://${ALGOLIA_APP_ID}-2.algolianet.com https://${ALGOLIA_APP_ID}-3.algolianet.com;
7580
img-src 'self' https://img.shields.io data: ${ANALYTICS_CSP.all.img.join(
7681
' '
7782
)} ${ANALYTICS_CSP.alpha.img.join(' ')};
@@ -94,7 +99,7 @@ const getCspContent = (context) => {
9499
' '
95100
)} ${ANALYTICS_CSP.prod.connect.join(
96101
' '
97-
)} https://*.algolia.net https://*.algolianet.com *.amazonaws.com;
102+
)} https://${ALGOLIA_APP_ID}-dsn.algolia.net https://${ALGOLIA_APP_ID}-1.algolianet.com https://${ALGOLIA_APP_ID}-2.algolianet.com https://${ALGOLIA_APP_ID}-3.algolianet.com;
98103
img-src 'self' https://img.shields.io ${ANALYTICS_CSP.all.img.join(
99104
' '
100105
)} ${ANALYTICS_CSP.prod.img.join(' ')};

0 commit comments

Comments
 (0)