DGNum/demarches-normaliennes
13
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

config: fix (again) the CSP when running a LiveReload server locally

Browse source 
When running the app using `bin/webpack-dev-server` (the external
(and fast) assets server), LiveReload is used. We need to explicitely
allow the LiveReload connections in the CSP policy.

Turns out we now need to specify the protocol explicitely.
This commit is contained in:
Pierre de La Morinerie 2020-04-20 17:24:16 +02:00
parent 780df9944e
commit 37645d3df2
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config/initializers/content_security_policy.rb
View file

@ -17,6 +17,6 @@ Rails.application.config.content_security_policy do |policy|
# pour détecter les erreurs lors de l'ajout d'une nouvelle brique externe durant le développement
policy.report_uri "http://#{ENV['APP_HOST']}/csp/"
# En développement, quand bin/webpack-dev-server est utilisé, on autorise les requêtes faites par le live-reload
policy.connect_src(*policy.connect_src, "ws://localhost:3035", "localhost:3035")
policy.connect_src(*policy.connect_src, "ws://localhost:3035", "http://localhost:3035")
end
end