stacker.news/pages
ekzyis fc18a917e3
Add Content Security Policy headers (#805)
* Basic CSP with unsafe-inline, unsafe-eval

* Allow 'self' for img-src and connect-src

Apparently, there is a bug for Chrome on iOS if connect-src does not allow 'self'.

See known issues at https://caniuse.com/contentsecuritypolicy

* Use nonces for strict CSP

* More CSP comments

* Add frame-ancestors directive

* Add more useful headers

* Add HSTS header

* Allow youtube and twitter embeds

For some reason, www.youtube.com is enough. It also works for youtube.com and youtube-nocookie.com.

For twitter embeds from twitter.com or x.com, platform.twitter.com is enough.

* Allow CDN and media domain in CSP

* Only allow unsafe-eval in dev build

* Ignore _next/webpack-hmr in middleware
2024-02-13 13:10:06 -06:00
[name] territories 2023-12-04 21:34:06 -06:00
api use capture microservice 2024-01-30 18:22:40 -06:00
auth upgrade to next-auth 4 (bonus: improve error pages) 2023-07-29 14:38:20 -05:00
invites More push notification types (#530) 2023-10-04 18:20:52 -05:00
invoices Allow zapping, posting and commenting without funds or an account (#336) 2023-08-11 18:50:57 -05:00
items/[id] territories 2023-12-04 21:34:06 -06:00
referrals fix custom dates to use ms since epoch 2023-11-14 10:23:44 -06:00
rewards remove snow 2023-12-25 18:05:45 -06:00
settings Add nsfw setting to territories (#788) 2024-02-09 20:35:32 -06:00
stackers improve stat gathering 2024-01-19 15:19:26 -06:00
withdrawals merge non-normalized user subtypes fixing #645 2023-11-20 09:05:02 -06:00
~ search filter help text for exact phrase 2024-01-17 09:28:05 -06:00
404.js upgrade to next-auth 4 (bonus: improve error pages) 2023-07-29 14:38:20 -05:00
500.js upgrade to next-auth 4 (bonus: improve error pages) 2023-07-29 14:38:20 -05:00
_app.js Expose WebLN interface via React Context (#749) 2024-02-08 12:33:13 -06:00
_document.js Add Content Security Policy headers (#805) 2024-02-13 13:10:06 -06:00
_error.js upgrade to next-auth 4 (bonus: improve error pages) 2023-07-29 14:38:20 -05:00
email.js upgrade to next-auth 4 (bonus: improve error pages) 2023-07-29 14:38:20 -05:00
live.js upgrade react-bootstrap 2023-07-24 13:53:53 -05:00
login.js show errors on settings during auth linking 2023-07-30 15:39:18 -05:00
notifications.js Notification badges (#595) 2023-11-08 18:17:01 -06:00
offline.js improve service worker asset precaching and offline page 2023-07-28 10:57:12 -05:00
satistics.js autowithdraw to lightning address 2024-01-11 13:10:07 -06:00
share.js Service worker rework, Web Target Share API & Web Push API (#324) 2023-07-04 14:36:07 -05:00
signup.js upgrade react-bootstrap 2023-07-24 13:53:53 -05:00
territory.js link to territory FAQ 2023-12-20 17:11:07 -06:00
wallet.js add ids to all toasts to help id rogue toasts 2024-01-28 13:26:32 -06:00