From 137ccbd237eacd58999fe0d441035b4a6f559d8a Mon Sep 17 00:00:00 2001 From: yflory Date: Mon, 25 Mar 2019 10:24:23 +0100 Subject: [PATCH] Fix CSP config error #348 --- config.example.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.example.js b/config.example.js index b760362ca..b40b9506c 100644 --- a/config.example.js +++ b/config.example.js @@ -20,7 +20,6 @@ var domain = ' ' + _domain; var baseCSP = [ "default-src 'none'", "style-src 'unsafe-inline' 'self' " + domain, - "script-src 'self'" + domain, "font-src 'self' data:" + domain, /* child-src is used to restrict iframes to a set of allowed domains. @@ -45,6 +44,7 @@ var baseCSP = [ // for accounts.cryptpad.fr authentication and cross-domain iframe sandbox "frame-ancestors *", + "" ];