mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-26 03:33:58 -05:00
Add dirty workaround for speakers view inline script
This commit is contained in:
parent
2b2b8d6d1d
commit
e5f03fe135
1 changed files with 4 additions and 0 deletions
4
app.js
4
app.js
|
@ -173,6 +173,10 @@ if (config.csp.enable) {
|
||||||
}
|
}
|
||||||
if (directives.scriptSrc.indexOf('\'unsafe-inline\'') === -1) {
|
if (directives.scriptSrc.indexOf('\'unsafe-inline\'') === -1) {
|
||||||
directives.scriptSrc.push(getCspNonce)
|
directives.scriptSrc.push(getCspNonce)
|
||||||
|
// TODO: This is the SHA-256 hash of the inline script in
|
||||||
|
// build/reveal.js/plugins/notes/notes.html . Any cleaner
|
||||||
|
// solution appreciated.
|
||||||
|
directives.scriptSrc.push('\'sha256-EtvSSxRwce5cLeFBZbvZvDrTiRoyoXbWWwvEVciM5Ag=\'')
|
||||||
}
|
}
|
||||||
directives.connectSrc.push(getCspWebSocketUrl)
|
directives.connectSrc.push(getCspWebSocketUrl)
|
||||||
if (config.csp.upgradeInsecureRequests === 'auto') {
|
if (config.csp.upgradeInsecureRequests === 'auto') {
|
||||||
|
|
Loading…
Reference in a new issue