mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-22 01:36:29 -05:00
ecee16bd73
Disqus loads it's embed config.js from its root domain (https://disqus.com). Our CSPs only allow subdomains (e.g.: https://codimd.disqus.com). This causes the disqus embedding to fail. This patch should fix this problem by adding https://disqus.com to the CSP setting. From a security perspective there is no real change. Since still the same parties are involved. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> |
||
---|---|---|
.. | ||
config | ||
migrations | ||
models | ||
ot | ||
web | ||
workers | ||
csp.js | ||
history.js | ||
letter-avatars.js | ||
logger.js | ||
realtime.js | ||
response.js | ||
utils.js |