Merge branch 'main' into nm-inject-canister-id

dfinity · Feb 3, 2022 · 8f0a91b · 8f0a91b
2 parents 4fc5e17 + 83a273d
commit 8f0a91b
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 4 deletions.
diff --git a/backend-tests/backend-tests.hs b/backend-tests/backend-tests.hs
@@ -437,7 +437,7 @@ validateSecurityHeaders resp = do
     \window-placement=(),\
     \xr-spatial-tracking=()"
   validateHeaderMatches resp "Content-Security-Policy" "^default-src 'none';\
-    \connect-src 'self';\
+    \connect-src 'self' https://ic0.app;\
     \img-src 'self' data:;\
     \script-src 'sha256-[a-zA-Z0-9\\/=+]+' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:;\
     \base-uri 'none';\

diff --git a/src/internet_identity/src/assets.rs b/src/internet_identity/src/assets.rs
@@ -6,7 +6,6 @@ use sha2::Digest;
 use lazy_static::lazy_static;
 use ic_cdk::api;
 
-
 #[derive(Debug, PartialEq, Eq)]
 pub enum ContentEncoding {
     Identity,

diff --git a/src/internet_identity/src/main.rs b/src/internet_identity/src/main.rs
@@ -835,8 +835,8 @@ fn security_headers() -> Vec<HeaderField> {
         // infrastructure.
         (
             "Content-Security-Policy".to_string(),
-            format!("default-src 'none';\
-             connect-src 'self';\
+            "default-src 'none';\
+             connect-src 'self' https://ic0.app;\
              img-src 'self' data:;\
              script-src '{hash}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:;\
              base-uri 'none';\