diff options
| author | Erik Michelson | 2021-03-29 23:35:12 +0200 |
|---|---|---|
| committer | Erik Michelson | 2021-03-29 23:35:12 +0200 |
| commit | f948de1d48e9daa2181e23fc0f7136f75210acaf (patch) | |
| tree | b18bb71222b93b3d485cddc2808666f04bf5a2c9 | |
| parent | 1534d7029bf82c74d5b927e8b179a763ccb1cae4 (diff) | |
Remove yahoo domain from default CSP rules
Signed-off-by: Erik Michelson <opensource@erik.michelson.eu>
| -rw-r--r-- | lib/csp.js | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -5,7 +5,7 @@ const CspStrategy = {} const defaultDirectives = { defaultSrc: ['\'self\''], - scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', '\'unsafe-eval\''], + scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', '\'unsafe-eval\''], // ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594 imgSrc: ['*'], styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views |