github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-22 01:36:29 -05:00
Code Issues Projects Releases Packages Wiki Activity

CSP: Allow self as manifest-src

Browse source 
Chrome complains otherwise, as it can't download the Web Manifest.

Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2021-08-06 12:11:53 +02:00
parent 46cd60c510
commit c002c7b681
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
lib/csp.js
View file

@ -8,6 +8,7 @@ const defaultDirectives = {
baseUri: ['\'self\''], baseUri: ['\'self\''],
connectSrc: ['\'self\''], connectSrc: ['\'self\''],
fontSrc: ['\'self\''], fontSrc: ['\'self\''],
manifestSrc: ['\'self\''],
frameSrc: ['\'self\'', 'https://player.vimeo.com', 'https://www.slideshare.net/slideshow/embed_code/key/', 'https://www.youtube.com'], frameSrc: ['\'self\'', 'https://player.vimeo.com', 'https://www.slideshare.net/slideshow/embed_code/key/', 'https://www.youtube.com'],
imgSrc: ['*'], // we allow using arbitrary images imgSrc: ['*'], // we allow using arbitrary images
scriptSrc: [ scriptSrc: [