summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Mehren2021-05-06 21:18:46 +0200
committerGitHub2021-05-06 21:18:46 +0200
commit140b2c261c578c414f8251fe577ea996cb02dfc9 (patch)
tree8a906871d7736c6b1e6f2c5882a29da1819bcf00
parentdc1f621eb84356bcb42e357102ef1ecff73261a6 (diff)
parent0b61f48129e666eed4c34dbbf759ab0013153022 (diff)
Merge pull request #1222 from hedgedoc/fix/upgrade_insecure_requests
Fix upgradeInsecureRequests CSP directive
-rw-r--r--lib/csp.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/csp.js b/lib/csp.js
index 108f2a22..08efdd79 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -85,9 +85,9 @@ function getCspNonce (req, res) {
function addUpgradeUnsafeRequestsOptionTo (directives) {
if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) {
- directives.upgradeInsecureRequests = true
+ directives.upgradeInsecureRequests = []
} else if (config.csp.upgradeInsecureRequests === true) {
- directives.upgradeInsecureRequests = true
+ directives.upgradeInsecureRequests = []
}
}