diff --git a/config.example.js b/config.example.js
index b760362ca..b40b9506c 100644
--- a/config.example.js
+++ b/config.example.js
@@ -20,7 +20,6 @@ var domain = ' ' + _domain;
 var baseCSP = [
 "default-src 'none'",
 "style-src 'unsafe-inline' 'self' " + domain,
- "script-src 'self'" + domain,
 "font-src 'self' data:" + domain,
 /* child-src is used to restrict iframes to a set of allowed domains.
@@ -45,6 +44,7 @@ var baseCSP = [
 // for accounts.cryptpad.fr authentication and cross-domain iframe sandbox
 "frame-ancestors *",
+ ""
 ];
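Review bot: With `script-src` removed from `baseCSP` in the first hunk, `default-src 'none'` is the only directive left governing scripts for any policy built from this array alone, and nothing in the diff shows where `script-src` is now supplied. That fails closed, but this is the example file administrators copy, so a comment at the removed position would help: `// script-src is intentionally not set here; every policy built from baseCSP must append its own`. If the split exists to allow per-page values, which the diff suggests but does not show, the comment should also say that relaxations such as 'unsafe-inline' or 'unsafe-eval' belong only on the one policy that needs them. The array body continues outside the hunk.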
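Review bot: The bare `""` appended as the last element of `baseCSP` in the second hunk has no comment and reads like a leftover that a later cleanup would delete. Presumably it is there so that joining the array leaves a trailing separator for a directive concatenated afterwards; if so, removing it would fuse that directive into the `frame-ancestors *` value and change the effective policy without any error. I would document it in place, `"" // keep last: leaves a trailing separator after join so script-src can be appended`, or drop the sentinel and have the consumer add its directive to the array before joining. The code that joins the array is outside the hunk, so the separator it uses should be confirmed.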