Apply CSP for the sample site #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: github pages | |
on: | |
push: | |
branches: | |
- main | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout the code | |
- uses: actions/checkout@v4 | |
# Install .NET SDK | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: 8.0.x | |
dotnet-quality: "preview" | |
- name: Install .NET WebAssembly Tools | |
run: dotnet workload install wasm-tools | |
# Publish the site | |
- name: Publish | |
run: dotnet publish SampleSites/Client/SampleSite.Client.csproj -c:Release -o:public -p:GHPages=true -f:net8.0 | |
# Fix the Content Security Policy (CSP) | |
- name: Fix CSP | |
run: sed -i "s|<meta http-equiv=\"content-security-policy\" content=\"default-src 'self'; font-src \*; connect-src 'self' ws://localhost:\* http://localhost:\*; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts\.googleapis\.com data:; img-src 'self' data:\"/>|<meta http-equiv=\"content-security-policy\" content=\"default-src 'self'; font-src *; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com data:; img-src 'self' data:\"/>|" ./public/wwwroot/index.html | |
# Deploy the site | |
- name: Deploy | |
uses: peaceiris/actions-gh-pages@v4 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: public/wwwroot | |
force_orphan: true |