dnrops
/
cryptpad
mirror of https://github.com/xwiki-labs/cryptpad
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

don't send require-sri-for CSP because it's not yet supported, cannot be tested, and probably will break when it works

This commit is contained in:
Caleb James DeLisle 2018-06-12 17:33:32 +02:00
parent e48afd0df2
commit 0bfd5c0421
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config.example.js
View File

@ -63,9 +63,7 @@ module.exports = {
"img-src 'self' data: blob:" + domain,
// for accounts.cryptpad.fr authentication and pad2 cross-domain iframe sandbox
"frame-ancestors *",
'require-sri-for script'
"frame-ancestors *"
].join('; '),
// CKEditor requires significantly more lax content security policy in order to function.