mirror of https://github.com/xwiki-labs/cryptpad
Use hashes instead of unsafe-eval to secure drawio
This commit is contained in:
parent
1fba52f300
commit
17e6d24de4
|
@ -48,7 +48,7 @@ Default.padContentSecurity = function (Env) {
|
|||
};
|
||||
|
||||
Default.drawioContentSecurity = function (Env) {
|
||||
return (Default.commonCSP(Env).join('; ') + "script-src 'self' 'unsafe-inline' resource: " + Env.httpUnsafeOrigin).replace(/\s+/g, ' ');
|
||||
return (Default.commonCSP(Env).join('; ') + "script-src 'self' 'sha256-+hYPMSCUTTRq44AeLdIxRO6I7f2KjNhFS1RlQG3XZgA=' 'sha256-6g514VrT/cZFZltSaKxIVNFF46+MFaTSDTPB8WfYK+c=' resource: " + Env.httpUnsafeOrigin).replace(/\s+/g, ' ');
|
||||
};
|
||||
|
||||
Default.httpHeaders = function (Env) {
|
||||
|
|
Loading…
Reference in New Issue