|
|
@ -18,7 +18,7 @@ Default.commonCSP = function (domain, sandbox) {
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
"child-src 'self' blob: " + domain + sandbox,
|
|
|
|
"child-src 'self' blob: " + domain + sandbox,
|
|
|
|
// IE/Edge
|
|
|
|
// IE/Edge
|
|
|
|
"'frame-src 'self' blob: " + sandbox,
|
|
|
|
"frame-src 'self' blob: " + sandbox,
|
|
|
|
|
|
|
|
|
|
|
|
/* this allows connections over secure or insecure websockets
|
|
|
|
/* this allows connections over secure or insecure websockets
|
|
|
|
if you are deploying to production, you'll probably want to remove
|
|
|
|
if you are deploying to production, you'll probably want to remove
|
|
|
|