Use hashes instead of unsafe-eval to secure drawio

Wolfgang Ginolas 2023-06-02 14:43:44 +02:00
parent 1fba52f300
commit 17e6d24de4
1 changed files with 1 additions and 1 deletions


@ -48,7 +48,7 @@ Default.padContentSecurity = function (Env) {
};
Default.drawioContentSecurity = function (Env) {
return (Default.commonCSP(Env).join('; ') + "script-src 'self' 'unsafe-inline' resource: " + Env.httpUnsafeOrigin).replace(/\s+/g, ' ');
return (Default.commonCSP(Env).join('; ') + "script-src 'self' 'sha256-+hYPMSCUTTRq44AeLdIxRO6I7f2KjNhFS1RlQG3XZgA=' 'sha256-6g514VrT/cZFZltSaKxIVNFF46+MFaTSDTPB8WfYK+c=' resource: " + Env.httpUnsafeOrigin).replace(/\s+/g, ' ');
};
Default.httpHeaders = function (Env) {
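Review bot: The two `sha256-…` values added to `script-src` in `Default.drawioContentSecurity` are bare literals with nothing recording which inline scripts they pin, so a drawio update that changes either script (even by whitespace) would be blocked by the browser with only a CSP violation report to explain the breakage. I would add a comment above the `return`, e.g. `// sha256 CSP hashes of drawio's inline <script> blocks (presumably the ones in its index page); recompute from the exact script text whenever drawio is upgraded`, and ideally hoist the hashes into a named array that is joined into the policy string. Separately, the commit title says unsafe-eval while the token this line drops is `'unsafe-inline'`; aligning the two would keep the history accurate about which relaxation was removed.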