mirror of https://github.com/xwiki-labs/cryptpad
don't send require-sri-for CSP because it's not yet supported, cannot be tested, and probably will break when it works
This commit is contained in:
parent
e48afd0df2
commit
0bfd5c0421
|
@ -63,9 +63,7 @@ module.exports = {
|
|||
"img-src 'self' data: blob:" + domain,
|
||||
|
||||
// for accounts.cryptpad.fr authentication and pad2 cross-domain iframe sandbox
|
||||
"frame-ancestors *",
|
||||
|
||||
'require-sri-for script'
|
||||
"frame-ancestors *"
|
||||
].join('; '),
|
||||
|
||||
// CKEditor requires significantly more lax content security policy in order to function.
|
||||
|
|
Loading…
Reference in New Issue