Skip to content

Commit c76c70e

Browse files
sobermsoberm
authored
fix: csp violation (#8427)
1 parent 2306576 commit c76c70e

File tree

1 file changed

+7
-5
lines changed

1 file changed

+7
-5
lines changed

src/pages/_document.tsx

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
import crypto from 'crypto';
22
import Document, { Html, Head, Main, NextScript } from 'next/document';
3+
import { ALGOLIA_APP_ID } from '../constants/algolia';
34

45
const cspHashOf = (text) => {
56
const hash = crypto.createHash('sha256');
@@ -14,7 +15,8 @@ const ANALYTICS_CSP = {
1415
'https://aws.demdex.net',
1516
'https://dpm.demdex.net',
1617
'https://cm.everesttech.net',
17-
'*.shortbread.aws.dev'
18+
'https://prod.tools.shortbread.aws.dev',
19+
'https://prod.log.shortbread.aws.dev'
1820
],
1921
img: [
2022
'https://amazonwebservices.d2.sc.omtrdc.net',
@@ -23,8 +25,8 @@ const ANALYTICS_CSP = {
2325
'https://cm.everesttech.net'
2426
],
2527
frame: ['https://aws.demdex.net', 'https://dpm.demdex.net'],
26-
script: ['*.shortbread.aws.dev'],
27-
style: ['*.shortbread.aws.dev']
28+
script: ['https://prod.assets.shortbread.aws.dev'],
29+
style: ['https://prod.assets.shortbread.aws.dev']
2830
},
2931
prod: {
3032
connect: [
@@ -71,7 +73,7 @@ const getCspContent = (context) => {
7173
' '
7274
)} ${ANALYTICS_CSP.alpha.connect.join(
7375
' '
74-
)} https://*.algolia.net https://*.algolianet.com *.amazonaws.com;
76+
)} https://${ALGOLIA_APP_ID}-dsn.algolia.net https://${ALGOLIA_APP_ID}-1.algolianet.com https://${ALGOLIA_APP_ID}-2.algolianet.com https://${ALGOLIA_APP_ID}-3.algolianet.com;
7577
img-src 'self' https://img.shields.io data: ${ANALYTICS_CSP.all.img.join(
7678
' '
7779
)} ${ANALYTICS_CSP.alpha.img.join(' ')};
@@ -94,7 +96,7 @@ const getCspContent = (context) => {
9496
' '
9597
)} ${ANALYTICS_CSP.prod.connect.join(
9698
' '
97-
)} https://*.algolia.net https://*.algolianet.com *.amazonaws.com;
99+
)} https://${ALGOLIA_APP_ID}-dsn.algolia.net https://${ALGOLIA_APP_ID}-1.algolianet.com https://${ALGOLIA_APP_ID}-2.algolianet.com https://${ALGOLIA_APP_ID}-3.algolianet.com;
98100
img-src 'self' https://img.shields.io ${ANALYTICS_CSP.all.img.join(
99101
' '
100102
)} ${ANALYTICS_CSP.prod.img.join(' ')};

0 commit comments

Comments
 (0)