fix: web socket in dev
This commit is contained in:
+8
-1
@@ -6,6 +6,13 @@ import {withSentryConfig} from '@sentry/nextjs'
|
|||||||
const apiUrl = process.env.NEXT_PUBLIC_DIRECTUS_API_URL ?? ''
|
const apiUrl = process.env.NEXT_PUBLIC_DIRECTUS_API_URL ?? ''
|
||||||
const wsUrl = process.env.NEXT_PUBLIC_DIRECTUS_API_WS_URL ?? ''
|
const wsUrl = process.env.NEXT_PUBLIC_DIRECTUS_API_WS_URL ?? ''
|
||||||
|
|
||||||
|
// Le SDK Directus dérive l'URL WebSocket depuis apiUrl (https→wss, http→ws).
|
||||||
|
// On l'inclut toujours dans connect-src pour garantir que CSP autorise la connexion,
|
||||||
|
// même si NEXT_PUBLIC_DIRECTUS_API_WS_URL pointe vers un hôte différent.
|
||||||
|
const derivedWsUrl = apiUrl
|
||||||
|
.replace(/^https:\/\//, 'wss://')
|
||||||
|
.replace(/^http:\/\//, 'ws://')
|
||||||
|
|
||||||
// Tokens CSP — les guillemets simples font partie de la spec CSP, pas de JS
|
// Tokens CSP — les guillemets simples font partie de la spec CSP, pas de JS
|
||||||
const SELF = '\'self\''
|
const SELF = '\'self\''
|
||||||
const NONE = '\'none\''
|
const NONE = '\'none\''
|
||||||
@@ -20,7 +27,7 @@ const cspDirectives = [
|
|||||||
`default-src ${SELF}`,
|
`default-src ${SELF}`,
|
||||||
`script-src ${SELF} ${UNSAFE_INLINE}`,
|
`script-src ${SELF} ${UNSAFE_INLINE}`,
|
||||||
`style-src ${SELF} ${UNSAFE_INLINE}`,
|
`style-src ${SELF} ${UNSAFE_INLINE}`,
|
||||||
`connect-src ${SELF} ${apiUrl} ${wsUrl}`.trim(),
|
`connect-src ${SELF} ${apiUrl} ${wsUrl} ${derivedWsUrl}`.trim().replace(/ {2,}/g, ' '),
|
||||||
`img-src ${SELF} data: blob:`,
|
`img-src ${SELF} data: blob:`,
|
||||||
`font-src ${SELF}`,
|
`font-src ${SELF}`,
|
||||||
`object-src ${NONE}`,
|
`object-src ${NONE}`,
|
||||||
|
|||||||
Reference in New Issue
Block a user