update default config with new CSP values

2017-05-31 15:21:29 +02:00
parent 3465710237
commit 087bcd2ea5
2 changed files with 3 additions and 234 deletions
--- a/config.example.js
+++ b/config.example.js
@@ -35,11 +35,13 @@ module.exports = {
         */
        "child-src 'self' *",

+        "media-src *",
+
        /*  this allows connections over secure or insecure websockets
            if you are deploying to production, you'll probably want to remove
            the ws://* directive, and change '*' to your domain
         */
-        "connect-src 'self' ws: wss:",
+        "connect-src 'self' ws: wss: blob:",

        // data: is used by codemirror
        "img-src 'self' data: blob:",