olzaragoza/CSP: browser-sync

Created August 11, 2016 20:05

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/olzaragoza/9afea00fdfd720cf7b8236975b7739f4.js"></script>
Save olzaragoza/9afea00fdfd720cf7b8236975b7739f4 to your computer and use it in GitHub Desktop.

Download ZIP

Content-Security-Policy for developing with Browsersync

Raw

CSP: browser-sync

	<meta http-equiv="Content-Security-Policy" content="default-src 'none'; connect-src http://localhost:3000 ws://localhost:3000; script-src 'sha256-6w7vfY25rjzxRvjgGUXxQWVtH2vipu/5/hnX06LWvHo=' ws://localhost:3000 http://localhost:3000;">

moneytree-doug commented Jan 17, 2017

What are the implications for allowing localhost in the connect-src?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment