depau/HackMD
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Allow any connect-src in CSP

Browse source 
Managing these for all the integrations seems like a lot of effort
This commit is contained in:
Literallie 2017-10-21 00:48:48 +02:00
parent d51da8c12c
commit 2b2b8d6d1d
No known key found for this signature in database
GPG key ID: 7BE463C902ED152C
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app.js
View file

@ -145,7 +145,7 @@ if (config.csp.enable) {
fontSrc: ['\'self\'', 'https://public.slidesharecdn.com'], fontSrc: ['\'self\'', 'https://public.slidesharecdn.com'],
objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/ objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
childSrc: ['*'], childSrc: ['*'],
connectSrc: ['\'self\'', 'https://links.services.disqus.com', 'wss://realtime.services.disqus.com'] connectSrc: ['*']
}; };
var cdnDirectives = { var cdnDirectives = {
scriptSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.mathjax.org'], scriptSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.mathjax.org'],