dnrops
/
cryptpad
mirror of https://github.com/xwiki-labs/cryptpad
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix CSP issues with Chrome 58

This commit is contained in:
yflory 2017-05-03 13:53:05 +02:00
parent d52e9fba43
commit e280b92bdb
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
config.example.js
View File

@ -39,10 +39,10 @@ module.exports = {
if you are deploying to production, you'll probably want to remove
the ws://* directive, and change '*' to your domain
*/
"connect-src 'self' ws://* wss://*",
"connect-src 'self' ws: wss:",
// data: is used by codemirror
"img-src 'self' data:",
"img-src 'self' data: blob:",
].join('; '),
// CKEditor requires significantly more lax content security policy in order to function.
@ -59,7 +59,7 @@ module.exports = {
"child-src 'self' *",
// see the comment above in the 'contentSecurity' section
"connect-src 'self' ws://* wss://*",
"connect-src 'self' ws: wss:",
// (insecure remote) images are included by users of the wysiwyg who embed photos in their pads
"img-src *",