From 49446fe02b78636e45341ab343d119580e3d8516 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Fri, 11 Feb 2022 20:49:38 +0530
Subject: [PATCH] undo an invalid CSP change

---
 lib/defaults.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/defaults.js b/lib/defaults.js
index 3f1ac0bda..abc6c58c6 100644
--- a/lib/defaults.js
+++ b/lib/defaults.js
@@ -18,7 +18,7 @@ Default.commonCSP = function (domain, sandbox) {
          */
         "child-src 'self' blob: " + domain + sandbox,
         // IE/Edge
-        `frame-src 'self' blob:${sandbox}/* blob:${domain}/* ${domain} ${sandbox}`,
+        "'frame-src 'self' blob: " + sandbox,
 
         /*  this allows connections over secure or insecure websockets
             if you are deploying to production, you'll probably want to remove