Fix CSP issues with Chrome 58

pull/1/head
yflory 8 years ago
parent d52e9fba43
commit e280b92bdb

@ -39,10 +39,10 @@ module.exports = {
if you are deploying to production, you'll probably want to remove if you are deploying to production, you'll probably want to remove
the ws://* directive, and change '*' to your domain the ws://* directive, and change '*' to your domain
*/ */
"connect-src 'self' ws://* wss://*", "connect-src 'self' ws: wss:",
// data: is used by codemirror // data: is used by codemirror
"img-src 'self' data:", "img-src 'self' data: blob:",
].join('; '), ].join('; '),
// CKEditor requires significantly more lax content security policy in order to function. // CKEditor requires significantly more lax content security policy in order to function.
@ -59,7 +59,7 @@ module.exports = {
"child-src 'self' *", "child-src 'self' *",
// see the comment above in the 'contentSecurity' section // see the comment above in the 'contentSecurity' section
"connect-src 'self' ws://* wss://*", "connect-src 'self' ws: wss:",
// (insecure remote) images are included by users of the wysiwyg who embed photos in their pads // (insecure remote) images are included by users of the wysiwyg who embed photos in their pads
"img-src *", "img-src *",

Loading…
Cancel
Save