Add data:
URL to CSP and upgrade helmet
Seems like the old version of helmet had a problem with `data:`. This patch upgrades to the latest version and adds the CSP rule to allow Google Fonts and the offline version of it, to properly include the fonts and no longer throw ugly error messages at us. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
parent
d9ba11b21a
commit
d4a9bb3c7e
2 changed files with 2 additions and 2 deletions
|
@ -9,7 +9,7 @@ var defaultDirectives = {
|
||||||
// ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594
|
// ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594
|
||||||
imgSrc: ['*'],
|
imgSrc: ['*'],
|
||||||
styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views
|
styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views
|
||||||
fontSrc: ['\'self\'', 'https://public.slidesharecdn.com'],
|
fontSrc: ['\'self\'', 'data:', 'https://public.slidesharecdn.com'],
|
||||||
objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
|
objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
|
||||||
mediaSrc: ['*'],
|
mediaSrc: ['*'],
|
||||||
childSrc: ['*'],
|
childSrc: ['*'],
|
||||||
|
|
|
@ -46,7 +46,7 @@
|
||||||
"gist-embed": "~2.6.0",
|
"gist-embed": "~2.6.0",
|
||||||
"graceful-fs": "^4.1.11",
|
"graceful-fs": "^4.1.11",
|
||||||
"handlebars": "^4.0.6",
|
"handlebars": "^4.0.6",
|
||||||
"helmet": "^3.3.0",
|
"helmet": "^3.13.0",
|
||||||
"highlight.js": "~9.12.0",
|
"highlight.js": "~9.12.0",
|
||||||
"i18n": "^0.8.3",
|
"i18n": "^0.8.3",
|
||||||
"imgur": "git+https://github.com/hackmdio/node-imgur.git",
|
"imgur": "git+https://github.com/hackmdio/node-imgur.git",
|
||||||
|
|
Loading…
Reference in a new issue