okTurtles / group-income

A decentralized and private (end-to-end encrypted) financial safety net for you and your friends.
https://groupincome.org
GNU Affero General Public License v3.0

Add missing security headers #2362

Open snowteamer opened 2 months ago

snowteamer commented 2 months ago

Fix #2291

Emoji sheet, audio asset loading and file upload in chat manually tested on:

Note that the favicon badge gets blocked in Chrome, but maybe it's acceptable, so as to avoid allowing data: URLs?

cypress[bot] commented 2 months ago

group-income    Run #3352

Run Properties:
Project: group-income
Branch Review: add-security-headers
Run status: Passed #3352
Run duration: 09m 08s
Commit: eae5add86a (Merge ad50668cf97c93d66337c2401ec7cf2ab1f19d7b into 1bc76ebde99551c7e9d478bfca90...)
Committer: Snowteamer

Test results:
Failures: 0
Flaky: 0
Pending (tests annotated with .skip): 10
Skipped (failure in a mocha hook): 0
Passing: 111

corrideat commented 1 month ago

Running the app locally and opening http://localhost:3000 on Firefox doesn't seem to work due to CSP.
