depau/HackMD
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

CSP: Allow more content types

Browse source
This commit is contained in:
Literallie 2017-10-18 22:44:16 +02:00
parent 4238b9b3ef
commit 0cbdc852cb
No known key found for this signature in database
GPG key ID: 7BE463C902ED152C
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
lib/config/default.js
View file

@ -18,9 +18,13 @@ module.exports = {
reportUri: '',
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'"],
styleSrc: ["'self'", "'unsafe-inline'"],
fontSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-eval'", "vimeo.com", "https://gist.github.com", "www.slideshare.net", "https://query.yahooapis.com", "https://*.disqus.com"],
imgSrc: ["*"],
styleSrc: ["'self'", "'unsafe-inline'", "https://assets-cdn.github.com"],
fontSrc: ["'self'", "https://public.slidesharecdn.com"],
objectSrc: ["*"],
childSrc: ["*"],
connectSrc: ["'self'", "https://links.services.disqus.com", "wss://realtime.services.disqus.com"]
},
upgradeInsecureRequests: 'auto'
},