diff --git a/internal/web/__snapshots__/web.snapshot b/internal/web/__snapshots__/web.snapshot index 3da15c93..c4ee6e9d 100644 --- a/internal/web/__snapshots__/web.snapshot +++ b/internal/web/__snapshots__/web.snapshot @@ -1,7 +1,7 @@ /* snapshot: Test_createRoutes_foobar */ HTTP/1.1 200 OK Connection: close -Content-Security-Policy: default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; +Content-Security-Policy: default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; font-src 'self' data:; Content-Type: text/html; charset=utf-8 foo page @@ -9,7 +9,7 @@ foo page /* snapshot: Test_createRoutes_index */ HTTP/1.1 200 OK Connection: close -Content-Security-Policy: default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; +Content-Security-Policy: default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; font-src 'self' data:; Content-Type: text/html; charset=utf-8 index page @@ -17,7 +17,7 @@ index page /* snapshot: Test_createRoutes_redirect */ HTTP/1.1 301 Moved Permanently Connection: close -Content-Security-Policy: default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; +Content-Security-Policy: default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; font-src 'self' data:; Content-Type: text/html; charset=utf-8 Location: /foobar/ 
@@ -35,7 +35,7 @@ Location: /foobar/login /* snapshot: Test_createRoutes_simple_redirect */ HTTP/1.1 307 Temporary Redirect Connection: close -Content-Security-Policy: default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; +Content-Security-Policy: default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; font-src 'self' data:; Content-Type: text/html; charset=utf-8 Location: /login?redirectUrl=/ @@ -75,7 +75,7 @@ data: end of stream /* snapshot: Test_createRoutes_version */ HTTP/1.1 200 OK Connection: close -Content-Security-Policy: default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; +Content-Security-Policy: default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; font-src 'self' data:; Content-Type: text/html
dev
@@ -87,7 +87,6 @@ Content-Type: text/html /* snapshot: Test_handler_between_dates_with_everything_complex */ {"t":"complex","m":{"msg":"a complex log message"},"rm":"{\"msg\":\"a complex log message\"}","ts":1589396197772,"id":62280847,"l":"unknown","s":"stdout","c":"123456"} - /* snapshot: Test_handler_between_dates_with_fill */ {"t":"single","m":"INFO Testing stdout logs...","rm":"INFO Testing stdout logs...","ts":1589396137772,"id":466600245,"l":"info","s":"stdout","c":"123456"} {"t":"single","m":"INFO Testing stderr logs...","rm":"INFO Testing stderr logs...","ts":1589396197772,"id":1101501603,"l":"info","s":"stderr","c":"123456"} @@ -126,7 +125,7 @@ Connection: close Cache-Control: no-transform Cache-Control: no-cache Connection: keep-alive -Content-Security-Policy: default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; +Content-Security-Policy: default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; font-src 'self' data:; Content-Type: text/event-stream X-Accel-Buffering: no @@ -156,7 +155,7 @@ error finding container /* snapshot: Test_handler_streamLogs_error_std */ HTTP/1.1 400 Bad Request Connection: close -Content-Security-Policy: default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; +Content-Security-Policy: default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; font-src 'self' data:; Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff diff --git a/internal/web/csp.go b/internal/web/csp.go index 275ef4b2..1fa8f835 100644 --- a/internal/web/csp.go +++ b/internal/web/csp.go 
@@ -8,7 +8,7 @@ func cspHeaders(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 w.Header().Set(
 "Content-Security-Policy",
- "default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:;",
+ "default-src 'self' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://*.duckdb.org; style-src 'self' 'unsafe-inline' blob:; img-src 'self' data:; font-src 'self' data:;",
 )
 next.ServeHTTP(w, r)
 })
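Review bot: The policy literal passed to `w.Header().Set(...)` gains `font-src` but still has no `script-src`, `base-uri` or `frame-ancestors`. Scripts therefore keep falling back to `default-src`, which admits `blob:` and every path under `https://cdn.jsdelivr.net`, while `base-uri` and `frame-ancestors` have no fallback and stay unrestricted. Since the string is being edited anyway, consider appending `base-uri 'self'; frame-ancestors 'self';` and an explicit `script-src` limited to the origins the UI actually needs. The hunk does not show what the front end loads or whether it is meant to be embedded, so both source lists need confirming. A one-line comment above the literal saying why `data:` fonts are required (presumably inlined font assets) would help the next reviewer judge the `data:` allowance. `cspHeaders` closes outside the hunk.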