From 43dff470bd41ef797a3726368b421057d2f06ef8 Mon Sep 17 00:00:00 2001
From: Max Peintner
Date: Wed, 30 Apr 2025 09:47:51 +0200
Subject: [PATCH] csp import
---
 apps/login/constants/csp.js | 2 ++
 apps/login/next.config.mjs | 2 +-
 apps/login/src/app/login/route.ts | 2 +-
 apps/login/src/lib/csp.ts | 2 --
 apps/login/src/middleware.ts | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
 create mode 100644 apps/login/constants/csp.js
 delete mode 100644 apps/login/src/lib/csp.ts
diff --git a/apps/login/constants/csp.js b/apps/login/constants/csp.js
new file mode 100644
index 0000000000..21dc869a53
--- /dev/null
+++ b/apps/login/constants/csp.js
@@ -0,0 +1,2 @@
+export const DEFAULT_CSP =
+ "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com; connect-src 'self'; child-src; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; img-src 'self' https://vercel.com;";
diff --git a/apps/login/next.config.mjs b/apps/login/next.config.mjs
index 2795854114..edf5e54595 100755
--- a/apps/login/next.config.mjs
+++ b/apps/login/next.config.mjs
@@ -1,5 +1,5 @@
 import createNextIntlPlugin from "next-intl/plugin";
-import { DEFAULT_CSP } from "./src/lib/csp";
+import { DEFAULT_CSP } from "./constants/csp.js";
 const withNextIntl = createNextIntlPlugin();
diff --git a/apps/login/src/app/login/route.ts b/apps/login/src/app/login/route.ts
index b3da6f863e..fb2f5e5f49 100644
--- a/apps/login/src/app/login/route.ts
+++ b/apps/login/src/app/login/route.ts
@@ -1,5 +1,4 @@
 import { getAllSessions } from "@/lib/cookies";
-import { DEFAULT_CSP } from "@/lib/csp";
 import { idpTypeToSlug } from "@/lib/idp";
 import { loginWithOIDCandSession } from "@/lib/oidc";
 import { loginWithSAMLandSession } from "@/lib/saml";
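Review bot: In `apps/login/constants/csp.js`, the `script-src` list of `DEFAULT_CSP` keeps `'unsafe-inline'` and `'unsafe-eval'`, so on the login pages the policy offers little protection against injected script; since the constant is being given a new home, add a comment above it recording why each keyword is required and track a nonce- or hash-based `script-src` as follow-up. The string also sets none of `frame-ancestors`, `base-uri` or `form-action`, which do not fall back to `default-src`; unless the middleware appends them (not visible in this patch), `base-uri 'self';` is a low-risk addition, while `form-action` would need testing against the OIDC/SAML redirect flows first. `child-src;` with an empty source list reads like an omission, and `child-src 'none';` would state the intent explicitly. A short header comment such as `// Plain JS (not TS) so next.config.mjs can import it directly — presumably the reason for this move` would explain the file's location to the next maintainer.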
@@ -27,6 +26,7 @@ import { CreateResponseRequestSchema } from "@zitadel/proto/zitadel/saml/v2/saml
 import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
 import { headers } from "next/headers";
 import { NextRequest, NextResponse } from "next/server";
+import { DEFAULT_CSP } from "../../../constants/csp";
 export const dynamic = "force-dynamic";
 export const revalidate = false;
diff --git a/apps/login/src/lib/csp.ts b/apps/login/src/lib/csp.ts
deleted file mode 100644
index 5cc1e254f3..0000000000
--- a/apps/login/src/lib/csp.ts
+++ /dev/null
@@ -1,2 +0,0 @@
-export const DEFAULT_CSP =
- "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com; connect-src 'self'; child-src; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; img-src 'self' https://vercel.com;";
diff --git a/apps/login/src/middleware.ts b/apps/login/src/middleware.ts
index 0572fe43b6..0621b2f5f2 100644
--- a/apps/login/src/middleware.ts
+++ b/apps/login/src/middleware.ts
@@ -1,6 +1,6 @@
 import { headers } from "next/headers";
 import { NextRequest, NextResponse } from "next/server";
-import { DEFAULT_CSP } from "./lib/csp";
+import { DEFAULT_CSP } from "../constants/csp";
 import { getServiceUrlFromHeaders } from "./lib/service";
 import { getSecuritySettings } from "./lib/zitadel";
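Review bot: The import added in the second hunk of `apps/login/src/app/login/route.ts`, `"../../../constants/csp"`, is a deep relative path among `@/lib/...` alias imports, and the same module is spelled two other ways in this patch (`"./constants/csp.js"` in `next.config.mjs`, `"../constants/csp"` in `middleware.ts`). Because this constant is the single source of the Content-Security-Policy value, a path alias covering `constants/` in the TypeScript config would keep the TS call sites stable when files move; whether the existing `@/` alias reaches outside `src/` is not visible here. The new line is also appended after the `next/server` import rather than grouped with the other project-local imports at the top of the file.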