search

nibtime / next-safe-middleware

Strict CSP (Content-Security-Policy) for Next.js hybrid apps https://web.dev/strict-csp/
https://next-safe-middleware.vercel.app
MIT License
78 stars 20 forks source link

ws: and wss: are not listed in SchemeSource #67

Open Shamilik opened 2 years ago

Shamilik commented 2 years ago
Screenshot 2022-08-03 at 10 48 10

Without ws:, webpack-hmr isn't working locally in Safari at least:

Screenshot 2022-08-03 at 10 51 30
nibtime commented 2 years ago

Hi @Shamilik

I booked a LambdaTest subscription for work today, which will make it possible for me to handle Safari-related bugs, which is otherwise kind of impossible if you don't own an Apple device :)

The blocking doesn't happen with Chrome and Firefox, they seem to resolve localhost:3000 to 'self', so this doesn't appear there. The lib automatically adds directives for next dev to work, I will extend them so it works with Safari in a PR.

Also, ws: and wss: should be allowed SchemeSource's, I will extend the typings in a PR.