{
"_comment": "IMPORTANT: Keep the production domains in connect-src and frame-src in sync with the .env file (VITE_PROD_DOMAIN, VITE_TEST_DOMAIN)",
"development": {
"description": "Relaxed CSP for development environment with Vite HMR",
"csp": {
"default-src": ["'self'"],
"script-src": [
"'self'",
"'unsafe-inline'",
"'unsafe-eval'",
"http://localhost:*",
"ws://localhost:*"
],
"style-src": [
"'self'",
"'unsafe-inline'",
"http://localhost:*"
],
"img-src": [
"'self'",
"data:",
"blob:",
"http://localhost:*"
],
"font-src": [
"'self'",
"data:",
"http://localhost:*"
],
"connect-src": [
"'self'",
"http://localhost:*",
"https://localhost:*",
"ws://localhost:*",
"wss://localhost:*"
],
"frame-src": [
"'self'",
"http://localhost:8080",
"https://localhost:8080"
],
"object-src": ["'none'"],
"base-uri": ["'self'"],
"form-action": ["'self'"],
"frame-ancestors": ["'none'"]
}
},
"production": {
"description": "Strict CSP for production environment (style-src still allows 'unsafe-inline')",
"csp": {
"default-src": ["'self'"],
"script-src": ["'self'"],
"style-src": [
"'self'",
"'unsafe-inline'"
],
"img-src": [
"'self'",
"data:",
"blob:"
],
"font-src": [
"'self'",
"data:"
],
"connect-src": [
"'self'",
"https://mc.exbytestudios.com",
"wss://mc.exbytestudios.com",
"https://test.exbytestudios.com",
"wss://test.exbytestudios.com"
],
"frame-src": [
"'self'",
"https://mc.exbytestudios.com",
"https://test.exbytestudios.com"
],
"object-src": ["'none'"],
"base-uri": ["'self'"],
"form-action": ["'self'"],
"frame-ancestors": ["'none'"],
"upgrade-insecure-requests": []
}
},
"testing": {
"description": "CSP for testing environment (script-src allows 'unsafe-inline' and 'unsafe-eval')",
"csp": {
"default-src": ["'self'"],
"script-src": [
"'self'",
"'unsafe-inline'",
"'unsafe-eval'"
],
"style-src": [
"'self'",
"'unsafe-inline'"
],
"img-src": [
"'self'",
"data:",
"blob:"
],
"font-src": [
"'self'",
"data:"
],
"connect-src": [
"'self'",
"http://localhost:*",
"https://localhost:*"
],
"frame-src": [
"'self'",
"http://localhost:*"
],
"object-src": ["'none'"],
"base-uri": ["'self'"],
"form-action": ["'self'"],
"frame-ancestors": ["'none'"]
}
}
} |