undo an invalid CSP change

3 years ago · 49446fe02b
parent c0b379b535
commit 49446fe02b
1 changed files with 1 additions and 1 deletions
--- a/lib/defaults.js
+++ b/lib/defaults.js
@ -18,7 +18,7 @@ Default.commonCSP = function (domain, sandbox) {
         */
        "child-src 'self' blob: " + domain + sandbox,
        // IE/Edge
-        `frame-src 'self' blob:${sandbox}/* blob:${domain}/* ${domain} ${sandbox}`,
+        "'frame-src 'self' blob: " + sandbox,

        /*  this allows connections over secure or insecure websockets
            if you are deploying to production, you'll probably want to remove