depau/HackMD
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add dirty workaround for speakers view inline script

Browse source
This commit is contained in:
Literallie 2017-10-21 01:25:30 +02:00
parent 2b2b8d6d1d
commit e5f03fe135
No known key found for this signature in database
GPG key ID: 7BE463C902ED152C
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app.js
View file

@ -173,6 +173,10 @@ if (config.csp.enable) {
} }
if (directives.scriptSrc.indexOf('\'unsafe-inline\'') === -1) { if (directives.scriptSrc.indexOf('\'unsafe-inline\'') === -1) {
directives.scriptSrc.push(getCspNonce) directives.scriptSrc.push(getCspNonce)
// TODO: This is the SHA-256 hash of the inline script in
// build/reveal.js/plugins/notes/notes.html . Any cleaner
// solution appreciated.
directives.scriptSrc.push('\'sha256-EtvSSxRwce5cLeFBZbvZvDrTiRoyoXbWWwvEVciM5Ag=\'')
} }
directives.connectSrc.push(getCspWebSocketUrl) directives.connectSrc.push(getCspWebSocketUrl)
if (config.csp.upgradeInsecureRequests === 'auto') { if (config.csp.upgradeInsecureRequests === 'auto') {