mwf975_git/tippspiel
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: CSP allows Google Fonts for Material Symbols icons
Build & Deploy Tippspiel / build (push) Successful in 50s
Details

Browse Source
This commit is contained in:
Ronny
2026-04-12 18:13:44 +02:00
parent 8d37d8c2ab
commit f8a1887c0d
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/src/index.ts
+2 -2
View File
@@ -36,10 +36,10 @@ app.use(
directives: { directives: {
defaultSrc: ["'self'"], defaultSrc: ["'self'"],
scriptSrc: ["'self'"], scriptSrc: ["'self'"],
styleSrc: ["'self'", "'unsafe-inline'"], // für inline styles im Frontend styleSrc: ["'self'", "'unsafe-inline'", 'https://fonts.googleapis.com'],
fontSrc: ["'self'", 'https://fonts.gstatic.com', 'https://cdn.jsdelivr.net'],
imgSrc: ["'self'", 'data:', 'https://crests.football-data.org'], imgSrc: ["'self'", 'data:', 'https://crests.football-data.org'],
frameAncestors: ['https://app.staffbase.com', 'https://*.staffbase.com'], frameAncestors: ['https://app.staffbase.com', 'https://*.staffbase.com'],
// upgrade-insecure-requests nur wenn HTTPS verfügbar ist, sonst werden JS-Assets geblockt
upgradeInsecureRequests: process.env.PLUGIN_BASE_URL?.startsWith('https') ? [] : null, upgradeInsecureRequests: process.env.PLUGIN_BASE_URL?.startsWith('https') ? [] : null,
}, },
}, },