From e432d3bf18d5329b00936006d8b595fcdb063bda Mon Sep 17 00:00:00 2001
From: Immad Abdul Jabbar <immadabduljabbar@gmail.com>
Date: Tue, 25 Feb 2025 14:52:03 +0100
Subject: [PATCH] feat: enable all connect src in debug mode

---
 server/config/server.config.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/config/server.config.ts b/server/config/server.config.ts
index 10b8061e63f..a03e4e5f996 100644
--- a/server/config/server.config.ts
+++ b/server/config/server.config.ts
@@ -71,7 +71,11 @@ function parseCommaSeparatedList(list: string = ''): string[] {
 function mergedCSP({urls}: ConfigGeneratorParams, env: Record<string, string>): Record<string, Iterable<string>> {
   const objectSrc = parseCommaSeparatedList(env.CSP_EXTRA_OBJECT_SRC);
   const csp = {
-    connectSrc: [...defaultCSP.connectSrc, urls.api, urls.ws, ...parseCommaSeparatedList(env.CSP_EXTRA_CONNECT_SRC)],
+    connectSrc:
+      env.FEATURE_ENABLE_DEBUG === 'true'
+        ? // Allow all connections in debug mode
+          ['*']
+        : [...defaultCSP.connectSrc, urls.api, urls.ws, ...parseCommaSeparatedList(env.CSP_EXTRA_CONNECT_SRC)],
     defaultSrc: [...defaultCSP.defaultSrc, ...parseCommaSeparatedList(env.CSP_EXTRA_DEFAULT_SRC)],
     fontSrc: [...defaultCSP.fontSrc, ...parseCommaSeparatedList(env.CSP_EXTRA_FONT_SRC)],
     frameSrc: [...defaultCSP.frameSrc, ...parseCommaSeparatedList(env.CSP_EXTRA_FRAME_SRC)],