hedgedoc

mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-02-06 04:52:35 +00:00

History

Sheogorath ecee16bd73 Fix disqus CSP Disqus loads it's embed config.js from its root domain (https://disqus.com). Our CSPs only allow subdomains (e.g.: https://codimd.disqus.com). This causes the disqus embedding to fail. This patch should fix this problem by adding https://disqus.com to the CSP setting. From a security perspective there is no real change. Since still the same parties are involved. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>		2018-12-05 13:17:14 +01:00
..
config	Warn on missing serverURL	2018-11-28 14:38:49 +01:00
migrations	Update error message text checks	2018-11-16 23:53:50 +01:00
models	Switch scrypt library to a successor	2018-11-21 01:33:34 +01:00
ot
web	Merge pull request #1082 from cloudyu/pull	2018-11-28 13:27:38 +01:00
workers
csp.js	Fix disqus CSP	2018-12-05 13:17:14 +01:00
history.js
letter-avatars.js
logger.js	Fix streaming for winston	2018-11-16 11:49:39 +01:00
realtime.js
response.js	Disallow creation of robots.txt in freeurl	2018-11-17 13:23:03 +01:00
utils.js