github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-02-16 14:42:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

CSP: Allow styles from /css/

Browse source 
Reveal.js styles are hosted there

Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2021-08-06 12:09:20 +02:00
parent 1c0af5f75d
commit 1642242078
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/csp.js
View file

@ -19,7 +19,7 @@ const defaultDirectives = {
'https://www.slideshare.net/api/oembed/2',
'\'unsafe-inline\'' // this is ignored by browsers supporting nonces/hashes
],
styleSrc: [config.serverURL + '/build/', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
styleSrc: [config.serverURL + '/build/', config.serverURL + '/css/', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
formAction: ['\'self\'']
}