fix: csp header for monaco editor (#2200)

flipt-io · Oct 4, 2023 · 797f797 · 797f797
1 parent b4e6e64
commit 797f797
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/internal/cmd/http.go b/internal/cmd/http.go
@@ -90,7 +90,7 @@ func NewHTTPServer(
 	// TODO: replace with more robust 'mode' detection
 	if !info.IsDevelopment() {
 		r.Use(middleware.SetHeader("X-Content-Type-Options", "nosniff"))
-		r.Use(middleware.SetHeader("Content-Security-Policy", "default-src 'self'; img-src * data:; frame-ancestors 'none';"))
+		r.Use(middleware.SetHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:; frame-ancestors 'none';"))
 	}
 
 	r.Use(middleware.RequestID)
@@ -204,7 +204,7 @@ func NewHTTPServer(
 		return server, nil
 	}
 
-	server.Server.TLSConfig = &tls.Config{
+	server.TLSConfig = &tls.Config{
 		MinVersion:               tls.VersionTLS12,
 		PreferServerCipherSuites: true,
 		CipherSuites: []uint16{
@@ -215,7 +215,7 @@ func NewHTTPServer(
 		},
 	}
 
-	server.Server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
+	server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
 
 	server.listenAndServe = func() error {
 		return server.ListenAndServeTLS(cfg.Server.CertFile, cfg.Server.CertKey)