| 189 | * deployments where build-time values may be stale placeholders. |
| 190 | */ |
export function generateRuntimeCSP(): string {
  // Every origin below is read through getEnv when this function runs and is
  // placed into the policy unchanged; this function performs no validation.
  // NOTE(review): a value containing ';' or whitespace would add extra sources
  // or directives unless buildCSPString rejects it. Its body is not visible
  // here, so confirm before treating these variables as safe to template.
  const appOrigin = getEnv('NEXT_PUBLIC_APP_URL') || ''

  // The built-in socket and Ollama defaults apply only when isDev is truthy.
  // Otherwise an unset variable contributes an empty entry, not a default.
  const socketFallback = isDev ? DEFAULT_SOCKET_URL : ''
  const socketOrigin = getEnv('NEXT_PUBLIC_SOCKET_URL') || socketFallback
  const socketWsOrigin = socketOrigin ? toWebSocketUrl(socketOrigin) : ''
  const ollamaFallback = isDev ? DEFAULT_OLLAMA_URL : ''
  const ollamaOrigin = getEnv('OLLAMA_URL') || ollamaFallback

  // Hosts derived from the optional branding and legal-page URLs.
  const logoHosts = getHostnameFromUrl(getEnv('NEXT_PUBLIC_BRAND_LOGO_URL'))
  const privacyHosts = getHostnameFromUrl(getEnv('NEXT_PUBLIC_PRIVACY_URL'))
  const termsHosts = getHostnameFromUrl(getEnv('NEXT_PUBLIC_TERMS_URL'))

  // Source order is kept stable so the emitted header does not change.
  const connectSources = [
    ...STATIC_CONNECT_SRC,
    appOrigin,
    ollamaOrigin,
    socketOrigin,
    socketWsOrigin,
    ...logoHosts,
    ...privacyHosts,
    ...termsHosts,
  ]

  // Start from the build-time directives, then override the two that are
  // recomputed here. img-src is replaced with the static list only.
  // NOTE(review): the brand-logo host is allowed in connect-src but not added
  // to img-src. Confirm STATIC_IMG_SRC already covers custom logo hosts.
  const directives: CSPDirectives = {
    ...buildTimeCSPDirectives,
    'img-src': [...STATIC_IMG_SRC],
    'connect-src': connectSources,
  }

  return buildCSPString(directives)
}
| 221 | |
| 222 | /** |
| 223 | * Get the main CSP policy string (build-time) |