Closed DanielKrawisz closed 1 year ago
Well, I added a strict Content Security Policy, but it did not change a thing :/ Maybe I did something wrong? Here's the next.config.js file:

```js
/** @type {import('next').NextConfig} */
const nextConfig = {
  reactStrictMode: true,
  images: {
    loader: "custom",
    loaderFile: "./loader.js",
  },
  // Attach response headers to matching routes.
  async headers() {
    return [
      {
        // Applies only to the root route ('/').
        source: '/',
        headers: [
          {
            key: 'Content-Security-Policy',
            value: "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://one.relayx.io; style-src 'self' 'unsafe-inline'; img-src 'self' https://avatar.relayx.com https://a.relayx.com https://berry2.relayx.com data:; font-src 'self'; connect-src 'self' https://askbitcoin.ai https://askbitcoin.com https://api.whatsonchain.com https://staging-backend.relayx.com https://pow.co; frame-src 'self' https://one.relayx.io; object-src 'self'; media-src 'self';"
          },
        ]
      }
    ]
  }
};

module.exports = nextConfig;
```

How do other relayx apps solve the problem?
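
As an added example (not code from this thread or from the pow.co project), the following audits the header value from the next.config.js posted above for directives that loosen it. `parseCsp` and `auditCsp` are hypothetical names, and the set of checks is this example's own choice.

```javascript
// Added example. POLICY is copied from the next.config.js posted above.
const POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://one.relayx.io; style-src 'self' 'unsafe-inline'; img-src 'self' https://avatar.relayx.com https://a.relayx.com https://berry2.relayx.com data:; font-src 'self'; connect-src 'self' https://askbitcoin.ai https://askbitcoin.com https://api.whatsonchain.com https://staging-backend.relayx.com https://pow.co; frame-src 'self' https://one.relayx.io; object-src 'self'; media-src 'self';";

// Split a CSP header value into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // e.g. after a trailing ';'
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return a list of findings; an empty list means none of these checks fired.
function auditCsp(policy) {
  const d = parseCsp(policy);
  const findings = [];
  // Fetch directives fall back to default-src when absent.
  const effective = (name) => d.get(name) ?? d.get('default-src') ?? null;
  const isNone = (list) =>
    list.length === 0 || (list.length === 1 && list[0].toLowerCase() === "'none'");

  const script = effective('script-src');
  if (script === null) {
    findings.push('script-src: unrestricted (no script-src or default-src)');
  } else {
    const keywords = script.map((s) => s.toLowerCase());
    // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    const hasNonceOrHash = keywords.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
    if (keywords.includes("'unsafe-inline'") && !hasNonceOrHash)
      findings.push("script-src: 'unsafe-inline' permits inline scripts and event handlers");
    if (keywords.includes("'unsafe-eval'"))
      findings.push("script-src: 'unsafe-eval' permits eval() and similar string-to-code APIs");
  }

  const object = effective('object-src');
  if (object === null || !isNone(object))
    findings.push("object-src: plugin content is not blocked (use 'none')");

  // base-uri and frame-ancestors do not fall back to default-src.
  for (const name of ['base-uri', 'frame-ancestors'])
    if (!d.has(name)) findings.push(`${name}: not set, and default-src does not cover it`);
  return findings;
}

console.log(auditCsp(POLICY).join('\n'));
```

A policy that passes these checks still has no bearing on the browser's cross-site tracking protection: CSP restricts what a page may load and run, not whether cookies are sent to an embedded third-party frame.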
It turns out this does not really fix it, and the issue cannot be fixed other than with a browser plugin. I am closing this issue. Can I get my bounty back, @owenkellogg?
On both Brave and Firefox, it is necessary to disable prevention of cross-site tracking in order to log in. This is a major hurdle for new users.
An independent contractor has looked at the site and thinks that it can be resolved by configuring the cookie correctly to whitelist relayx.com. He has written a report here.
https://chat.21e8.tech/channel/powco-development/thread/ztPhqnWx3fLLaDxpo
This is a problem with all the sites we've been working on so it needs to be fixed on pow.co, powstream.com, and powco.dev.
If this works it would resolve https://github.com/pow-co/pow.co/issues/33