web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix CSP issues with Chrome 58

Browse Source
This commit is contained in:
yflory 2017-05-03 13:53:05 +02:00
parent d52e9fba43
commit e280b92bdb
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
config.example.js
View File

@ -39,10 +39,10 @@ module.exports = {
if you are deploying to production, you'll probably want to remove if you are deploying to production, you'll probably want to remove
the ws://* directive, and change '*' to your domain the ws://* directive, and change '*' to your domain
*/ */
"connect-src 'self' ws://* wss://*", "connect-src 'self' ws: wss:",
// data: is used by codemirror // data: is used by codemirror
"img-src 'self' data:", "img-src 'self' data: blob:",
].join('; '), ].join('; '),
// CKEditor requires significantly more lax content security policy in order to function. // CKEditor requires significantly more lax content security policy in order to function.
@ -59,7 +59,7 @@ module.exports = {
"child-src 'self' *", "child-src 'self' *",
// see the comment above in the 'contentSecurity' section // see the comment above in the 'contentSecurity' section
"connect-src 'self' ws://* wss://*", "connect-src 'self' ws: wss:",
// (insecure remote) images are included by users of the wysiwyg who embed photos in their pads // (insecure remote) images are included by users of the wysiwyg who embed photos in their pads
"img-src *", "img-src *",