Skip to content

Commit cfa69b8

Browse files
authored
fix: update csp headers in bridge ui (#1183)
1 parent 8028519 commit cfa69b8

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

bridge-ui/src/middleware.ts

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,8 @@ export function middleware(request: NextRequest) {
66

77
// We only want to allow unsafe-eval in local environment for NextJS dev server
88
// We are required to use unsafe-inline with Cloudflare - https://developers.cloudflare.com/fundamentals/reference/policies-compliances/content-security-policies/#product-requirements
9-
const unsafeScript = process.env.NEXT_PUBLIC_ENVIRONMENT === "local" ? "'unsafe-eval'" : "'unsafe-inline'";
9+
// TODO: Remove unsafe-eval in production and replace with 'unsafe-inline'
10+
const unsafeScript = process.env.NEXT_PUBLIC_ENVIRONMENT === "local" ? "'unsafe-eval'" : "'unsafe-eval'";
1011

1112
/**
1213
* Content Security Policy (CSP) configuration:

0 commit comments

Comments
 (0)