mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-23 02:06:29 -05:00
450262c4ab
Adding mediaSrc to CSP so video and audio files can be embedded without problems. From a security perspective it should be fine to load audio and video data without introducing a high security issue. Only from a privacy perspective it allows another way to track users if there are data embedded. But it doesn't introduce any new attack vector as pictures are also allowed from everywhere. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> |
||
---|---|---|
.. | ||
config | ||
migrations | ||
models | ||
ot | ||
web | ||
workers | ||
csp.js | ||
history.js | ||
letter-avatars.js | ||
logger.js | ||
realtime.js | ||
response.js | ||
utils.js |