Will Norris e537d304ef client/web: relax CSP restrictions for manage client ... Don't return CSP headers in dev mode, since that includes a bunch of extra things like the vite server. Allow images from any source, which is needed to load user profile images. Allow 'unsafe-inline' for various inline scripts and style react uses. We can eliminate this by using CSP nonce or hash values, but we'll need to look into the best way to handle that. There appear to be several react plugins for this, but I haven't evaluated any of them. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>		2023-11-05 01:11:21 -07:00
..
build	client/web: clean up assets handling	2023-09-08 16:05:11 -04:00
src	client/web: move auth session creation out of /api/auth	2023-11-03 15:30:04 -04:00
assets.go	client/web: switch to using prebuilt web client assets	2023-09-19 10:09:54 -07:00
auth.go	client/web: move more session logic to auth.go	2023-11-01 18:35:43 -04:00
index.html	client/web: always use new web client; remove old client	2023-08-28 11:11:16 -07:00
package.json	build(deps-dev): bump postcss from 8.4.27 to 8.4.31 in /client/web	2023-11-01 15:25:57 -07:00
postcss.config.js	client/web: add tailwind styling to react app	2023-08-14 15:29:12 -04:00
qnap.go	client/web: limit authorization checks to API calls	2023-11-02 13:01:09 -07:00
synology.go	client/web: limit authorization checks to API calls	2023-11-02 13:01:09 -07:00
tailwind.config.js	client/web: add tailwind styling to react app	2023-08-14 15:29:12 -04:00
tsconfig.json	client/web: add debug mode for web client ui updates	2023-09-28 15:45:33 -04:00
vite.config.ts	client/web: switch to using prebuilt web client assets	2023-09-19 10:09:54 -07:00
web_test.go	client/web: add some security checks for full client	2023-11-03 14:15:59 -07:00
web.go	client/web: relax CSP restrictions for manage client	2023-11-05 01:11:21 -07:00
yarn.lock	build(deps-dev): bump postcss from 8.4.27 to 8.4.31 in /client/web	2023-11-01 15:25:57 -07:00