From 24ef6a0b5d5811a7784e319a9eaec56cd921ad21 Mon Sep 17 00:00:00 2001
From: Massimo Marcon
Date: Mon, 10 Jan 2022 18:58:02 +0100
Subject: [PATCH 1/5] docs(contentSecurityPolicy.md): added media-src to defaults
---
 docs/api/contentSecurityPolicy.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/api/contentSecurityPolicy.md b/docs/api/contentSecurityPolicy.md
index 8ffaf46..4e2a4d1 100644
--- a/docs/api/contentSecurityPolicy.md
+++ b/docs/api/contentSecurityPolicy.md
@@ -15,6 +15,7 @@
 "frame-src": "'none'",
 "img-src": "'self'",
 "manifest-src": "'self'",
+ "media-src": "'self'",
 "object-src": "'none'",
 "prefetch-src": "'self'",
 "script-src": "'self'",
From 58942a44f41fb7f0acff17b2073fa8b729f9cd9c Mon Sep 17 00:00:00 2001
From: Massimo Marcon
Date: Mon, 10 Jan 2022 19:00:30 +0100
Subject: [PATCH 2/5] feat(buildCSPHeaders.js): added media-src to default values
---
 __tests__/buildCSPHeaders.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/__tests__/buildCSPHeaders.js b/__tests__/buildCSPHeaders.js
index 40cee7d..12663fc 100644
--- a/__tests__/buildCSPHeaders.js
+++ b/__tests__/buildCSPHeaders.js
@@ -17,6 +17,7 @@ const DEFAULT_CSP = {
 'frame-src': '\'none\'',
 'img-src': '\'self\'',
 'manifest-src': '\'self\'',
+ 'media-src': '\'self\'',
 'object-src': '\'none\'',
 'prefetch-src': '\'self\'',
 'script-src': '\'self\'',
From 91a6bb675fbd19e2954ea8535f9201830535e9dd Mon Sep 17 00:00:00 2001
From: Massimo Marcon
Date: Mon, 10 Jan 2022 19:00:39 +0100
Subject: [PATCH 3/5] feat(CSP.js): added media-src to config
---
 lib/models/CSP.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/models/CSP.js b/lib/models/CSP.js
index b94a7c6..b0db6e1 100644
--- a/lib/models/CSP.js
+++ b/lib/models/CSP.js
@@ -18,6 +18,7 @@
 * @property {CSPDirective} ['frame-src']
 * @property {CSPDirective} ['img-src']
 * @property {CSPDirective} ['manifest-src']
+ * @property {CSPDirective} ['media-src']
 * @property {CSPDirective} ['object-src']
 * @property {CSPDirective} ['prefetch-src']
 * @property {CSPDirective} ['script-src']
From b5a046d46377da95cca042bbb752c828fd19e2ac Mon Sep 17 00:00:00 2001
From: Massimo Marcon
Date: Mon, 10 Jan 2022 19:00:49 +0100
Subject: [PATCH 4/5] docs(configuration.md): added media-src to default config description
---
 docs/configuration.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/configuration.md b/docs/configuration.md
index 49b4e21..5399c70 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -16,6 +16,7 @@ nextSafe({
 "frame-src": "'none'",
 "img-src": "'self'",
 "manifest-src": "'self'",
+ "media-src": "'self'",
 "object-src": "'none'",
 "prefetch-src": "'self'",
 "script-src": "'self'",
From 461b40aa9f9f7d37b56bc9ec21456f83a76d8871 Mon Sep 17 00:00:00 2001
From: Massimo Marcon
Date: Mon, 10 Jan 2022 19:01:01 +0100
Subject: [PATCH 5/5] feat(buildCSPHeaders.js): added media-src to directives
---
 lib/buildCSPHeaders.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/buildCSPHeaders.js b/lib/buildCSPHeaders.js
index 83c2ac9..8f34ce6 100644
--- a/lib/buildCSPHeaders.js
+++ b/lib/buildCSPHeaders.js
@@ -34,6 +34,7 @@ module.exports = function buildCSPHeaders(options = {}) {
 'frame-src': getCSPDirective(contentSecurityPolicy['frame-src'], "'none'"),
 'img-src': getCSPDirective(contentSecurityPolicy['img-src'], "'self'"),
 'manifest-src': getCSPDirective(contentSecurityPolicy['manifest-src'], "'self'"),
+ 'media-src': getCSPDirective(contentSecurityPolicy['media-src'], "'self'"),
 'object-src': getCSPDirective(contentSecurityPolicy['object-src'], "'none'"),
 'prefetch-src': getCSPDirective(contentSecurityPolicy['prefetch-src'], "'self'"),
 'script-src': getCSPDirective(contentSecurityPolicy['script-src'], "'self'"),
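Review bot: Setting `media-src` explicitly on the added line in `lib/buildCSPHeaders.js` means media loads no longer fall back to `default-src`, so the effective policy changes on upgrade for any consumer who configured `default-src` but not `media-src`: a stricter `default-src` (for example `'none'`) is widened to same-origin media, and a broader one is narrowed to `'self'`. This matches how the neighbouring fetch directives in the hunk are defaulted, but it deserves a release-note entry and a comment above the line, e.g. `// explicit default: media-src no longer inherits from default-src`. Whether `getCSPDirective` lets a caller drop the directive again is not visible here, so the docs should say how to opt out if that is supported. The enclosing object literal and `buildCSPHeaders` start and end outside the hunk.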