From f6b7a56e36d3d3362b1f770e4f14687b65b1c326 Mon Sep 17 00:00:00 2001
From: Alexis Georges
Date: Wed, 17 Nov 2021 15:55:41 +0100
Subject: [PATCH] fix(stark-build): remove csp 'plugin-types' rule and adapt 'object-src' rule

ISSUES CLOSED: #3086
---
 packages/stark-build/config/webpack-partial.dev.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/packages/stark-build/config/webpack-partial.dev.js b/packages/stark-build/config/webpack-partial.dev.js
index bfa6823c74..30fce7f5ec 100644
--- a/packages/stark-build/config/webpack-partial.dev.js
+++ b/packages/stark-build/config/webpack-partial.dev.js
@@ -40,8 +40,7 @@ const cspDirectives = [
 "frame-ancestors 'none'", // the app will not be allowed to be embedded in an iframe (roughly equivalent to X-Frame-Options: DENY)
 "img-src 'self' data: image/png", // data: image/png is due to ui-router visualizer loading PNG images
 "media-src 'self'",
- "object-src 'self'",
- "plugin-types application/pdf" // valid mime-types for plugins invoked via and
+ "object-src 'self' data:"
 // "script-src 'self'", // FIXME: enable as soon as the issue is fixed in Angular (https://github.com/angular/angular-cli/issues/6872 )
 // "style-src 'self' 'nonce-uiroutervisualizer' 'nonce-cef324d21ec5483c8819cc7a5e33c4a2'" // we define the same nonce value as in the style-loader // FIXME: DomSharedStylesHost.prototype._addStylesToHost in platform-browser.js adds inline style!
 ];
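Review bot: The added `"object-src 'self' data:"` line lets `<object>`/`<embed>` load any `data:` URI, and with `plugin-types application/pdf` removed in the same hunk nothing restricts that content to PDFs any more; unlike the `img-src` entry above, the line also carries no comment saying why `data:` is needed. Because `script-src` is still commented out just below, this directive appears to be one of the few limits on active content in the visible part of the list, so the relaxation should state its reason. I would add a trailing comment along the lines of `"object-src 'self' data:" // data: is needed for <component that embeds data URIs, confirm>; plugin-types removed because <reason from #3086>`, and check whether serving the embedded document from `'self'` would make `data:` unnecessary. The `cspDirectives` array starts above the hunk, so entries such as `default-src` are not visible here and could change this assessment.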