fix(compat): fix CSP connect-src for Safari; force SSL option

graphile / starter

Opinionated SaaS quick-start with pre-built user account and organization system for full-stack application development in React, Node.js, GraphQL and PostgreSQL. Powered by PostGraphile, TypeScript, Apollo Client, Graphile Worker, Graphile Migrate, GraphQL Code Generator, Ant Design and Next.js

https://graphile-starter.herokuapp.com

Other

1.74k stars 219 forks source link

fix(compat): fix CSP connect-src for Safari; force SSL option #244

Closed benjie closed 3 years ago

benjie commented 3 years ago

Description

See #237; Safari doesn't seem to support connect-src 'self' referring to websocket protocol for websockets... So we have to list the full URL.

Performance impact

Negligible.

Security impact

There shouldn't be any, but it does relate to CSP.

SnowballAntrobus commented 2 years ago

When using an unmodified starter , Safari still gives: Failed to load resource: An SSL error has occurred and a secure connection to the server cannot be made. When using Firefox or Chrome the site loads as expected. --- in local dev mode

benjie commented 2 years ago

Are you using SSL locally?