From a556575b917174fc6b2d2645019ad0045205398d Mon Sep 17 00:00:00 2001
From: Sheogorath
Date: Wed, 5 Dec 2018 11:32:05 +0100
Subject: [PATCH 1/2] Fix CSP for speaker notes
Looks like I was wrong in my previous commit to update revealjs.[1] The speaker notes broke again with the CSPs. So this patch updates the hash and this way the speaker notes. [1]: bcebf1e8d285184f8c905f00e0270621790e7b80
Signed-off-by: Sheogorath
---
 lib/csp.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/csp.js b/lib/csp.js
index 96be533..2b47e68 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -71,7 +71,7 @@ function addInlineScriptExceptions (directives) {
 directives.scriptSrc.push(getCspNonce)
 // TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html
 // Any more clean solution appreciated.
- directives.scriptSrc.push('\'sha256-L0TsyAQLAc0koby5DCbFAwFfRs9ZxesA+4xg0QDSrdI=\'')
+ directives.scriptSrc.push('\'sha256-Lc+VnBdinzYTTAkFrIoUqdoA9EQFeS1AF9ybmF+LLfM=\'')
 }
 function getCspNonce (req, res) {
From ecee16bd737b59d93ac0d1633fd8afd6aabca063 Mon Sep 17 00:00:00 2001
From: Sheogorath
Date: Wed, 5 Dec 2018 13:14:34 +0100
Subject: [PATCH 2/2] Fix disqus CSP
Disqus loads it's embed config.js from its root domain (https://disqus.com). Our CSPs only allow subdomains (e.g.: https://codimd.disqus.com). This causes the disqus embedding to fail. This patch should fix this problem by adding https://disqus.com to the CSP setting. From a security perspective there is no real change. Since still the same parties are involved.
Signed-off-by: Sheogorath
---
 lib/csp.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/csp.js b/lib/csp.js
index 96be533..098d35d 100644
--- a/lib/csp.js
+++ b/lib/csp.js
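Review bot: The replacement digest on the `+` line is still a hand-maintained literal for the inline script in build/reveal.js/plugins/notes/notes.html, so the next reveal.js bump will silently break speaker notes again exactly as the message describes — the browser blocks the script and nothing on the server side notices. The TODO above it should at least record how the value is regenerated, e.g. `// Regenerate on every reveal.js upgrade: SHA-256 the exact inline <script> body of build/reveal.js/plugins/notes/notes.html and base64-encode the digest`, so the procedure does not have to be rediscovered each time. A stronger follow-up would compute the digest from the shipped file at startup (Node's crypto.createHash('sha256') over the extracted script body) and log a warning when it differs from the pinned value, turning a silent CSP block into a visible misconfiguration. addInlineScriptExceptions starts before this hunk, and getCspNonce, whose signature closes it, continues after it.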
@@ -23,7 +23,7 @@ var cdnDirectives = {
 }
 var disqusDirectives = {
- scriptSrc: ['https://*.disqus.com', 'https://*.disquscdn.com'],
+ scriptSrc: ['https://disqus.com', 'https://*.disqus.com', 'https://*.disquscdn.com'],
 styleSrc: ['https://*.disquscdn.com'],
 fontSrc: ['https://*.disquscdn.com']
 }
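Review bot: The `+` line depends on a CSP subtlety the code does not explain — a `https://*.disqus.com` host-source never matches the apex host, so `https://disqus.com` must be listed separately — and without a comment the duplicate-looking entry is the first thing a later cleanup will remove, reintroducing the breakage this patch fixes. Add `// '*.disqus.com' does not cover the apex domain; disqus.com itself serves embed config.js` above the scriptSrc entry. Separately, this patch's index line (96be533..098d35d) starts from the same blob as patch 1 (96be533..2b47e68), which suggests the series was generated against the unpatched tree rather than stacked; the hunks touch disjoint lines so both should still apply, but the resulting blob will match neither recorded id. cdnDirectives, whose closing brace opens this hunk, begins before it.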