From a44f20a7426c7cd074d7d760d52bb9f9bdb5d672 Mon Sep 17 00:00:00 2001 From: Bruno Quaresma Date: Tue, 21 Mar 2023 19:36:34 +0000 Subject: [PATCH] fix(site): Fix CSP directives for monaco --- site/site.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/site/site.go b/site/site.go index ae3fbd5c41470..b9143c9801239 100644 --- a/site/site.go +++ b/site/site.go @@ -326,7 +326,8 @@ func cspHeaders(next http.Handler) http.Handler { CSPDirectiveScriptSrc: {"'self' https://cdn.jsdelivr.net"}, CSPDirectiveStyleSrc: {"'self' 'unsafe-inline' https://cdn.jsdelivr.net"}, // data: is used by monaco editor on FE for Syntax Highlight - CSPDirectiveFontSrc: {"'self' data:"}, + CSPDirectiveFontSrc: {"'self' https://cdn.jsdelivr.net data:"}, + CSPDirectiveWorkerSrc: {"'self' blob:"}, // object-src is needed to support code-server CSPDirectiveObjectSrc: {"'self'"}, // blob: for loading the pwa manifest for code-server