MCPcopy
hub / github.com/simstudioai/sim / generateRuntimeCSP

Function generateRuntimeCSP

apps/sim/lib/core/security/csp.ts:191–220  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

189 * deployments where build-time values may be stale placeholders.
190 */
191export function generateRuntimeCSP(): string {
192 const appUrl = getEnv('NEXT_PUBLIC_APP_URL') || ''
193
194 const socketUrl = getEnv('NEXT_PUBLIC_SOCKET_URL') || (isDev ? DEFAULT_SOCKET_URL : '')
195 const socketWsUrl = socketUrl ? toWebSocketUrl(socketUrl) : ''
196 const ollamaUrl = getEnv('OLLAMA_URL') || (isDev ? DEFAULT_OLLAMA_URL : '')
197
198 const brandLogoDomains = getHostnameFromUrl(getEnv('NEXT_PUBLIC_BRAND_LOGO_URL'))
199 const privacyDomains = getHostnameFromUrl(getEnv('NEXT_PUBLIC_PRIVACY_URL'))
200 const termsDomains = getHostnameFromUrl(getEnv('NEXT_PUBLIC_TERMS_URL'))
201
202 const runtimeDirectives: CSPDirectives = {
203 ...buildTimeCSPDirectives,
204
205 'img-src': [...STATIC_IMG_SRC],
206
207 'connect-src': [
208 ...STATIC_CONNECT_SRC,
209 appUrl,
210 ollamaUrl,
211 socketUrl,
212 socketWsUrl,
213 ...brandLogoDomains,
214 ...privacyDomains,
215 ...termsDomains,
216 ],
217 }
218
219 return buildCSPString(runtimeDirectives)
220}
221
222/**
223 * Get the main CSP policy string (build-time)

Callers 2

proxyFunction · 0.90
csp.test.tsFile · 0.90

Calls 4

getEnvFunction · 0.90
toWebSocketUrlFunction · 0.85
getHostnameFromUrlFunction · 0.85
buildCSPStringFunction · 0.85

Tested by

no test coverage detected