chore: Add frame-ancestors CSP during dev time (#19735)

We use the `APPSMITH_ALLOWED_FRAME_ANCESTORS` env variable to determine the
CSP value for `frame-ancestors` in the Docker container, but we don't do
this in the `start-https.sh` script, which is used during development.
This PR fixes this inconsistency.
Shrikant Sharat Kandula 2023-01-25 14:13:36 +05:30 committed by GitHub
parent 31635a5de7
commit 55462ae7e3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -259,6 +259,9 @@ $(if [[ $use_https == 1 ]]; then echo "
proxy_set_header X-Forwarded-Host \$host; proxy_set_header X-Forwarded-Host \$host;
proxy_set_header Accept-Encoding ''; proxy_set_header Accept-Encoding '';
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
add_header Content-Security-Policy \"frame-ancestors ${APPSMITH_ALLOWED_FRAME_ANCESTORS-'self' *}\";
sub_filter_once off; sub_filter_once off;
location / { location / {
proxy_pass $frontend; proxy_pass $frontend;
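
Review bot: On the added `add_header Content-Security-Policy` line, the expansion `${APPSMITH_ALLOWED_FRAME_ANCESTORS-'self' *}` uses `-` rather than `:-`, so a variable that is set but empty does not fall back to the default and the header is emitted as `frame-ancestors ` with no sources. If an empty value should mean "use the default", switch to `:-`; if it is meant to be distinct, a comment saying so would help. Two smaller points on the same line: the default `'self' *` is effectively just `*`, so any origin may frame the dev instance when the variable is unset, and the value is interpolated into the double-quoted nginx string as-is, so a `"` or `;` in the variable would break the generated config. It is also worth confirming that no `location` block in this server defines its own `add_header`, since nginx would then not inherit this one there.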