summaryrefslogtreecommitdiffhomepage
path: root/control/controlknobs
diff options
context:
space:
mode:
authorWill Norris <will@tailscale.com>2023-11-03 17:27:49 -0700
committerWill Norris <will@willnorris.com>2023-11-05 01:11:21 -0700
commite537d304efe85e9dd98c866d28cff0cc69fc64fb (patch)
treec3002b32ee274fd4b7eb0cc64ea0743195795696 /control/controlknobs
parent5de865046657c028e3f20903c208c4fc09edadeb (diff)
downloadtailscale-e537d304efe85e9dd98c866d28cff0cc69fc64fb.tar.xz
tailscale-e537d304efe85e9dd98c866d28cff0cc69fc64fb.zip
client/web: relax CSP restrictions for manage client
Don't return CSP headers in dev mode, since that includes a bunch of extra things like the vite server. Allow images from any source, which is needed to load user profile images. Allow 'unsafe-inline' for various inline scripts and style react uses. We can eliminate this by using CSP nonce or hash values, but we'll need to look into the best way to handle that. There appear to be several react plugins for this, but I haven't evaluated any of them. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>
Diffstat (limited to 'control/controlknobs')
0 files changed, 0 insertions, 0 deletions