github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-21 17:26:29 -05:00
Code Issues Projects Releases Packages Wiki Activity

CSP: Allow self as frame-src

Browse source 
The reveal.js speaker view uses frames to display the slides

Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2021-08-06 12:11:08 +02:00
parent 1642242078
commit 46cd60c510
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/csp.js
View file

@ -8,7 +8,7 @@ const defaultDirectives = {
baseUri: ['\'self\''],
connectSrc: ['\'self\''],
fontSrc: ['\'self\''],
frameSrc: ['https://player.vimeo.com', 'https://www.slideshare.net/slideshow/embed_code/key/', 'https://www.youtube.com'],
frameSrc: ['\'self\'', 'https://player.vimeo.com', 'https://www.slideshare.net/slideshow/embed_code/key/', 'https://www.youtube.com'],
imgSrc: ['*'], // we allow using arbitrary images
scriptSrc: [
config.serverURL + '/build/',