pow-co / askbitcoin

Ask Bitcoin a Question - Bitcoin AI Ranks the Top Answers

Problem logging in on Firefox and Brave due to Misconfigured Cookie #89

Closed DanielKrawisz closed 1 year ago

DanielKrawisz commented 1 year ago

On both Brave and Firefox, it is necessary to disable prevention of cross-site tracking in order to log in. This is a major hurdle for new users.

An independent contractor has looked at the site and thinks that it can be resolved by configuring the cookie correctly to whitelist relayx.com. He has written a report here.

https://chat.21e8.tech/channel/powco-development/thread/ztPhqnWx3fLLaDxpo

This is a problem with all the sites we've been working on so it needs to be fixed on pow.co, powstream.com, and powco.dev.

If this works it would resolve https://github.com/pow-co/pow.co/issues/33

1aristotelis commented 1 year ago

Well, I added a strict Content Security Policy but it did not change a thing :/ Maybe I did something wrong? Here's the next.config.js file:

/** @type {import('next').NextConfig} */
const nextConfig = {
  reactStrictMode: true,
  images: {
    loader: "custom",
    loaderFile: "./loader.js",
  },
  async headers() {
    return [
      {
        source: '/',
        headers: [
          {
            key: 'Content-Security-Policy',
            value: "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://one.relayx.io; style-src 'self' 'unsafe-inline'; img-src 'self' https://avatar.relayx.com https://a.relayx.com https://berry2.relayx.com data:; font-src 'self'; connect-src 'self' https://askbitcoin.ai https://askbitcoin.com https://api.whatsonchain.com https://staging-backend.relayx.com https://pow.co; frame-src 'self' https://one.relayx.io; object-src 'self'; media-src 'self';"
          },
        ]
      }
    ]
  }
};

module.exports = nextConfig;

How do other relayx apps solve the problem?
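
Added example, not part of the thread and not the project's code: a small audit of the policy value posted above, listing the settings that make it weaker than "strict" suggests and the external origins it trusts. The function names are this example's own; the policy string is copied from the posted config.

```javascript
// Added example: audit of the CSP value posted in the comment above.
// POLICY is copied from that next.config.js; function names are this example's own.
const POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://one.relayx.io; style-src 'self' 'unsafe-inline'; img-src 'self' https://avatar.relayx.com https://a.relayx.com https://berry2.relayx.com data:; font-src 'self'; connect-src 'self' https://askbitcoin.ai https://askbitcoin.com https://api.whatsonchain.com https://staging-backend.relayx.com https://pow.co; frame-src 'self' https://one.relayx.io; object-src 'self'; media-src 'self';";

// Split a CSP value into Map(directive name -> list of source expressions).
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // a trailing ';' yields an empty part
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Fetch directives fall back to default-src when they are absent.
function effective(directives, name) {
  return directives.get(name) ?? directives.get("default-src") ?? null;
}

// Return human-readable findings for settings that weaken the policy.
function auditCsp(value) {
  const d = parseCsp(value);
  const findings = [];
  const script = effective(d, "script-src");
  if (script === null) findings.push("script-src: no restriction at all");
  for (const kw of ["'unsafe-inline'", "'unsafe-eval'"]) {
    if (script && script.includes(kw)) findings.push(`script-src allows ${kw}`);
  }
  const object = effective(d, "object-src");
  if (!object || object.join(" ") !== "'none'") findings.push("object-src is not 'none'");
  // These two do not inherit from default-src, so they must be set explicitly.
  for (const name of ["base-uri", "frame-ancestors"]) {
    if (!d.has(name)) findings.push(`${name} is not set`);
  }
  return findings;
}

// Origins the policy lists explicitly, across all directives.
function externalOrigins(value) {
  const origins = new Set();
  for (const sources of parseCsp(value).values()) {
    for (const s of sources) if (/^https?:\/\//i.test(s)) origins.add(s);
  }
  return [...origins].sort();
}

console.log(auditCsp(POLICY));
console.log(externalOrigins(POLICY));
```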

DanielKrawisz commented 1 year ago

It turns out this does not really fix it and the issue cannot be fixed other than with a browser plugin. I am closing this issue and can I get my bounty back, @owenkellogg?