mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-25 11:16:31 -05:00
Allow embedding of video and audio tags
Adding mediaSrc to CSP so video and audio files can be embedded without problems. From a security perspective it should be fine to load audio and video data without introducing a high security issue. Only from a privacy perspective it allows another way to track users if there are data embedded. But it doesn't introduce any new attack vector as pictures are also allowed from everywhere. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
parent
57c47a65dd
commit
450262c4ab
1 changed files with 1 additions and 0 deletions
|
@ -11,6 +11,7 @@ var defaultDirectives = {
|
||||||
styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views
|
styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views
|
||||||
fontSrc: ['\'self\'', 'https://public.slidesharecdn.com'],
|
fontSrc: ['\'self\'', 'https://public.slidesharecdn.com'],
|
||||||
objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
|
objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
|
||||||
|
mediaSrc: ['*'],
|
||||||
childSrc: ['*'],
|
childSrc: ['*'],
|
||||||
connectSrc: ['*']
|
connectSrc: ['*']
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue