fix: use non-eval source maps, script-src self

2026-04-28 17:35:40 +08:00 · 2020-10-21 09:37:40 -07:00
parent fcaed93e83
commit 995a8f4203
3 changed files with 3 additions and 3 deletions
--- a/netlify.toml
+++ b/netlify.toml
@@ -8,4 +8,4 @@
  for = "/*"
  [headers.values]
    X-Frame-Options = "DENY"
-    Content-Security-Policy = "frame-src 'none';"
+    Content-Security-Policy = "script-src 'self'; frame-src 'none';"
--- a/packages/app/vercel.json
+++ b/packages/app/vercel.json
@@ -10,7 +10,7 @@
        },
        {
          "key": "Content-Security-Policy",
-          "value": "frame-src 'none';"
+          "value": "script-src 'self'; frame-src 'none';"
        }
      ]
    }
--- a/packages/app/webpack.config.js
+++ b/packages/app/webpack.config.js
@@ -53,7 +53,7 @@ const hmtlProdOpts = !isDevelopment

 const getSourceMap = () => {
  if (extEnv === 'web') {
-    return nodeEnv === 'production' ? 'eval' : 'cheap-module-source-map';
+    return 'cheap-module-source-map';
  }
  return 'none';
 };