Revert "Add Content-Security-Policy header to Convos #508 #567"

This reverts commit 1091cfe.
convos-chat · Feb 15, 2021 · 53600b1 · 53600b1
1 parent 68ab978
commit 53600b1
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 29 deletions.
diff --git a/lib/Convos.pm b/lib/Convos.pm
@@ -132,7 +132,6 @@ sub _before_dispatch {
   $settings->save_p({base_url => $base_url}) if !CONVOS_GET and $settings->base_url ne $base_url;
   $c->app->sessions->secure($ENV{CONVOS_SECURE_COOKIES} || $base_url->scheme eq 'https' ? 1 : 0);
   $c->res->headers->header('X-Provider-Name', 'ConvosApp');
-  $c->res->headers->content_security_policy($c->app->_content_security_policy);
 
   # Used when registering the first user
   $c->stash(first_user => 1) if !$c->session('email') and !$c->app->core->n_users;
@@ -161,23 +160,6 @@ sub _config {
   return $config;
 }
 
-sub _content_security_policy {
-  return join(' ',
-    map {"$_;"} q(block-all-mixed-content),
-    q(base-uri 'self'),
-    q(connect-src 'self'),
-    q(frame-ancestors 'none'),
-    q(manifest-src 'self'),
-    q(default-src 'none'),
-    q(font-src 'self'),
-    q(frame-src 'self'),
-    q(img-src *),
-    q(object-src 'none'),
-    q(script-src 'self' 'unsafe-inline' 'unsafe-eval'),
-    q(style-src 'self' 'unsafe-inline'),
-  );
-}
-
 sub _home_in_share {
   my $self = shift;
   my $rel  = path(qw(auto share dist Convos))->to_string;

diff --git a/t/web-production.t b/t/web-production.t