authorMathijs van Veluw <[email protected]>2024-12-15 00:27:20 +0100
committerGitHub <[email protected]>2024-12-15 00:27:20 +0100
commit4d6d3443aef8fd749436151fcff332e9fefa263f (patch)
treecae5fb0e78ac3d9adbbbf3e045a3bdf61e96881c /src/util.rs
parent9cd400db6c5da858a4f49eb883469cbd6cb7337d (diff)
Allow adding connect-src entries (#5293)
Bitwarden allows the use of self-hosted forwarded email services. But for this to work you need to add custom URLs to the `connect-src` CSP entry. This commit allows setting this and checks whether the URL starts with `https://`; if it does not, loading is aborted. Fixes #5290 Signed-off-by: BlackDex <[email protected]>
Diffstat (limited to 'src/util.rs')
-rw-r--r--src/util.rs5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/util.rs b/src/util.rs
index 88f0b23d..8c4efca8 100644
--- a/src/util.rs
+++ b/src/util.rs
@@ -98,10 +98,11 @@ impl Fairing for AppHeaders {
https://app.addy.io/api/ \
https://api.fastmail.com/ \
https://api.forwardemail.net \
- ;\
+ {allowed_connect_src};\
",
icon_service_csp = CONFIG._icon_service_csp(),
- allowed_iframe_ancestors = CONFIG.allowed_iframe_ancestors()
+ allowed_iframe_ancestors = CONFIG.allowed_iframe_ancestors(),
+ allowed_connect_src = CONFIG.allowed_connect_src(),
);
res.set_raw_header("Content-Security-Policy", csp);
res.set_raw_header("X-Frame-Options", "SAMEORIGIN");
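Review bot: `{allowed_connect_src}` is spliced into the `connect-src` directive as raw text, so the policy stays well-formed only if the option is validated where it is loaded, which is not in this hunk. The commit message describes an `https://` prefix check; a prefix check alone would presumably still accept an entry containing `;` (which ends `connect-src` and starts another directive), `,` (which splits the header into a second policy), or a broad source such as `https://*` that loosens where the web vault may send data. I would confirm that the config validation rejects `;`, `,` and line breaks in each entry. I would also add a comment above the format arguments, for example `// allowed_connect_src is validated at config load (https:// entries only, no ';' or ','); it is inserted verbatim into connect-src`. The `format!` call this hunk edits begins outside the hunk.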