Fix CSP config error #348

config.example.js

@@ -20,7 +20,6 @@ var domain = ' ' + _domain;
 var baseCSP = [
     "default-src 'none'",
     "style-src 'unsafe-inline' 'self' " + domain,
-    "script-src 'self'" + domain,
     "font-src 'self' data:" + domain,
 
     /*  child-src is used to restrict iframes to a set of allowed domains.
@@ -45,6 +44,7 @@ var baseCSP = [
 
     // for accounts.cryptpad.fr authentication and cross-domain iframe sandbox
     "frame-ancestors *",
+    ""
 ];