File tree Expand file tree Collapse file tree 1 file changed +3
-0
lines changed Expand file tree Collapse file tree 1 file changed +3
-0
lines changed Original file line number Diff line number Diff line change @@ -251,6 +251,7 @@ const (
251251 CSPDirectiveFormAction = "form-action"
252252 CSPDirectiveMediaSrc = "media-src"
253253 CSPFrameAncestors = "frame-ancestors"
254+ CSPDirectiveWorkerSrc = "worker-src"
254255)
255256
256257func cspHeaders (next http.Handler ) http.Handler {
@@ -283,6 +284,8 @@ func cspHeaders(next http.Handler) http.Handler {
283284 // Report all violations back to the server to log
284285 CSPDirectiveReportURI : {"/api/v2/csp/reports" },
285286 CSPFrameAncestors : {"'none'" },
287+ // worker for loading the .tar files on FE using js-untar
288+ CSPDirectiveWorkerSrc : {"'self' blob:" },
286289
287290 // Only scripts can manipulate the dom. This prevents someone from
288291 // naming themselves something like '<svg onload="alert(/cross-site-scripting/)" />'.
You can’t perform that action at this time.
0 commit comments