Add Content-Security-Policy header to webpack so the dev server behaves like Pleroma production

This commit is contained in:
Mark Felder 2019-05-07 15:32:19 -05:00
parent 6fdbd444be
commit 213e82499a

View file

@ -46,6 +46,9 @@ const devWebpackConfig = merge(baseWebpackConfig, {
quiet: true, // necessary for FriendlyErrorsPlugin
watchOptions: {
poll: config.dev.poll
},
headers: {
'content-security-policy': "base-uri 'self'; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; script-src 'self';"
}
},
plugins: [