hedgedoc/lib
Sheogorath ecee16bd73
Fix disqus CSP
Disqus loads it's embed config.js from its root domain
(https://disqus.com). Our CSPs only allow subdomains (e.g.:
https://codimd.disqus.com). This causes the disqus embedding to fail.

This patch should fix this problem by adding https://disqus.com to the
CSP setting. From a security perspective there is no real change. Since
still the same parties are involved.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-05 13:17:14 +01:00
..
config Warn on missing serverURL 2018-11-28 14:38:49 +01:00
migrations Update error message text checks 2018-11-16 23:53:50 +01:00
models Switch scrypt library to a successor 2018-11-21 01:33:34 +01:00
ot Fix logging in ot module 2018-11-13 23:30:13 +01:00
web Merge pull request #1082 from cloudyu/pull 2018-11-28 13:27:38 +01:00
workers refactor: Remove require extension filename 2017-05-08 19:29:06 +08:00
csp.js Fix disqus CSP 2018-12-05 13:17:14 +01:00
history.js Further improvement of error handling for LZString 2018-07-27 15:42:58 +02:00
letter-avatars.js Fix possible weird objects as email 2018-07-27 13:36:22 +02:00
logger.js Fix streaming for winston 2018-11-16 11:49:39 +01:00
realtime.js switching to eslint for code checking 2018-11-14 23:15:36 +01:00
response.js Disallow creation of robots.txt in freeurl 2018-11-17 13:23:03 +01:00
utils.js switch to __dirname 2017-06-02 11:34:35 +01:00