HackMD

History

Sheogorath ecee16bd73 Fix disqus CSP Disqus loads it's embed config.js from its root domain (https://disqus.com). Our CSPs only allow subdomains (e.g.: https://codimd.disqus.com). This causes the disqus embedding to fail. This patch should fix this problem by adding https://disqus.com to the CSP setting. From a security perspective there is no real change. Since still the same parties are involved. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>		2018-12-05 13:17:14 +01:00
..
config	Warn on missing serverURL	2018-11-28 14:38:49 +01:00
migrations	Update error message text checks	2018-11-16 23:53:50 +01:00
models	Switch scrypt library to a successor	2018-11-21 01:33:34 +01:00
ot	Fix logging in ot module	2018-11-13 23:30:13 +01:00
web	Merge pull request #1082 from cloudyu/pull	2018-11-28 13:27:38 +01:00
workers	refactor: Remove `require` extension filename	2017-05-08 19:29:06 +08:00
csp.js	Fix disqus CSP	2018-12-05 13:17:14 +01:00
history.js	Further improvement of error handling for LZString	2018-07-27 15:42:58 +02:00
letter-avatars.js	Fix possible weird objects as email	2018-07-27 13:36:22 +02:00
logger.js	Fix streaming for winston	2018-11-16 11:49:39 +01:00
realtime.js	switching to eslint for code checking	2018-11-14 23:15:36 +01:00
response.js	Disallow creation of robots.txt in freeurl	2018-11-17 13:23:03 +01:00
utils.js	switch to __dirname	2017-06-02 11:34:35 +01:00