diff options
author | Sheogorath | 2018-12-20 22:38:31 +0100 |
---|---|---|
committer | Sheogorath | 2018-12-20 22:49:25 +0100 |
commit | 0f9e3670154efff084a27d53aad7271103ca29f0 (patch) | |
tree | 7b526023c8be1f672bcaec0679d8120c4717eb74 | |
parent | b40f14f66dd5446c1a2a9b20b3065d5c4726c3a8 (diff) |
Fix broken Gist embedding
Looks like GitHub changed their asset system and our CSP prevented them
from getting loaded.
This patch should fix the Gist embedding with enabled CSP by replacing
the old URL `https://assets-cdn.github.com` with the new
`https://github.githubassets.com`.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to '')
-rw-r--r-- | lib/csp.js | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -8,7 +8,7 @@ var defaultDirectives = { scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', '\'unsafe-eval\''], // ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594 imgSrc: ['*'], - styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views + styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views fontSrc: ['\'self\'', 'data:', 'https://public.slidesharecdn.com'], objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/ mediaSrc: ['*'], |