Fix disqus CSP
Disqus loads its embed config.js from its root domain (https://disqus.com). Our CSPs only allow subdomains (e.g.: https://codimd.disqus.com). This causes the disqus embedding to fail. This patch should fix this problem by adding https://disqus.com to the CSP setting. From a security perspective there is no real change, since the same parties are still involved. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
parent
b40f14f66d
commit
ecee16bd73
1 changed files with 1 additions and 1 deletions
|
@ -23,7 +23,7 @@ var cdnDirectives = {
|
||||||
}
|
}
|
||||||
|
|
||||||
var disqusDirectives = {
|
var disqusDirectives = {
|
||||||
scriptSrc: ['https://*.disqus.com', 'https://*.disquscdn.com'],
|
scriptSrc: ['https://disqus.com', 'https://*.disqus.com', 'https://*.disquscdn.com'],
|
||||||
styleSrc: ['https://*.disquscdn.com'],
|
styleSrc: ['https://*.disquscdn.com'],
|
||||||
fontSrc: ['https://*.disquscdn.com']
|
fontSrc: ['https://*.disquscdn.com']
|
||||||
}
|
}
|
||||||
|
|
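Review bot: The new `'https://disqus.com'` entry in `scriptSrc` carries no comment saying why the apex host sits next to `'https://*.disqus.com'`, so a later cleanup could drop it as redundant. A CSP host wildcard does not match the bare domain, so I would add `// apex needed: Disqus serves its embed config.js from https://disqus.com, which *.disqus.com does not match` above that line. The entry also permits every script path on that origin, not only the config file. CSP host sources accept a path, so if the location of config.js is stable it may be worth narrowing the entry to it. Whether `disqusDirectives` is merged into the policy only when Disqus is enabled is decided outside this hunk and is worth confirming.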