diff options
author | David Mehren | 2021-05-06 21:18:46 +0200 |
---|---|---|
committer | GitHub | 2021-05-06 21:18:46 +0200 |
commit | 140b2c261c578c414f8251fe577ea996cb02dfc9 (patch) | |
tree | 8a906871d7736c6b1e6f2c5882a29da1819bcf00 | |
parent | dc1f621eb84356bcb42e357102ef1ecff73261a6 (diff) | |
parent | 0b61f48129e666eed4c34dbbf759ab0013153022 (diff) |
Merge pull request #1222 from hedgedoc/fix/upgrade_insecure_requests
Fix upgradeInsecureRequests CSP directive
-rw-r--r-- | lib/csp.js | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -85,9 +85,9 @@ function getCspNonce (req, res) { function addUpgradeUnsafeRequestsOptionTo (directives) { if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) { - directives.upgradeInsecureRequests = true + directives.upgradeInsecureRequests = [] } else if (config.csp.upgradeInsecureRequests === true) { - directives.upgradeInsecureRequests = true + directives.upgradeInsecureRequests = [] } } |