Merge branch 'staging' of github.com:xwiki-labs/cryptpad into staging
commit
7f25c9a8e1
|
@ -33,9 +33,9 @@ module.exports = {
|
|||
* it is recommended that you configure these fields to match the
|
||||
* domain which will serve your CryptPad instance.
|
||||
*/
|
||||
"child-src 'self' *",
|
||||
"child-src 'self' blob: *",
|
||||
|
||||
"media-src *",
|
||||
"media-src * blob:",
|
||||
|
||||
/* this allows connections over secure or insecure websockets
|
||||
if you are deploying to production, you'll probably want to remove
|
||||
|
|
|
@ -34,6 +34,7 @@ var setHeaders = (function () {
|
|||
const headers = clone(config.httpHeaders);
|
||||
if (config.contentSecurity) {
|
||||
headers['Content-Security-Policy'] = clone(config.contentSecurity);
|
||||
if (!/;$/.test(headers['Content-Security-Policy'])) { headers['Content-Security-Policy'] += ';' }
|
||||
if (headers['Content-Security-Policy'].indexOf('frame-ancestors') === -1) {
|
||||
// backward compat for those who do not merge the new version of the config
|
||||
// when updating. This prevents endless spinner if someone clicks donate.
|
||||
|
|
Loading…
Reference in New Issue