Fix CSP config error #348
This commit is contained in:
yflory
parent
eee65bf435
commit
137ccbd237
@ -20,7 +20,6 @@ var domain = ' ' + _domain;
|
|||||||
var baseCSP = [
|
var baseCSP = [
|
||||||
"default-src 'none'",
|
"default-src 'none'",
|
||||||
"style-src 'unsafe-inline' 'self' " + domain,
|
"style-src 'unsafe-inline' 'self' " + domain,
|
||||||
"script-src 'self'" + domain,
|
|
||||||
"font-src 'self' data:" + domain,
|
"font-src 'self' data:" + domain,
|
||||||
|
|
||||||
/* child-src is used to restrict iframes to a set of allowed domains.
|
/* child-src is used to restrict iframes to a set of allowed domains.
|
||||||
@ -45,6 +44,7 @@ var baseCSP = [
|
|||||||
|
|
||||||
// for accounts.cryptpad.fr authentication and cross-domain iframe sandbox
|
// for accounts.cryptpad.fr authentication and cross-domain iframe sandbox
|
||||||
"frame-ancestors *",
|
"frame-ancestors *",
|
||||||
|
""
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user