summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSheogorath2018-12-20 22:38:31 +0100
committerSheogorath2018-12-20 22:49:25 +0100
commit0f9e3670154efff084a27d53aad7271103ca29f0 (patch)
tree7b526023c8be1f672bcaec0679d8120c4717eb74
parentb40f14f66dd5446c1a2a9b20b3065d5c4726c3a8 (diff)
Fix broken Gist embedding
Looks like GitHub changed their asset system and our CSP prevented them from getting loaded. This patch should fix the Gist embedding with enabled CSP by replacing the old URL `https://assets-cdn.github.com` with the new `https://github.githubassets.com`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to '')
-rw-r--r--lib/csp.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/csp.js b/lib/csp.js
index 96be533a..0bfd5832 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -8,7 +8,7 @@ var defaultDirectives = {
scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', '\'unsafe-eval\''],
// ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594
imgSrc: ['*'],
- styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views
+ styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
fontSrc: ['\'self\'', 'data:', 'https://public.slidesharecdn.com'],
objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
mediaSrc: ['*'],