From 213e82499a4732778573192864aecdeba9a4c8b3 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@FreeBSD.org>
Date: Tue, 7 May 2019 15:32:19 -0500
Subject: [PATCH] Add Content-Security-Policy header to webpack so the dev
 server behaves like Pleroma production

---
 build/webpack.dev.conf.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/build/webpack.dev.conf.js b/build/webpack.dev.conf.js
index eed01df9..fb90173a 100644
--- a/build/webpack.dev.conf.js
+++ b/build/webpack.dev.conf.js
@@ -46,6 +46,9 @@ const devWebpackConfig = merge(baseWebpackConfig, {
     quiet: true, // necessary for FriendlyErrorsPlugin
     watchOptions: {
       poll: config.dev.poll
+    },
+    headers: {
+      'content-security-policy': "base-uri 'self'; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; script-src 'self';"
     }
   },
   plugins: [