authorSheogorath2018-12-20 22:38:31 +0100
committerSheogorath2018-12-20 22:49:25 +0100
commit0f9e3670154efff084a27d53aad7271103ca29f0 (patch)
tree7b526023c8be1f672bcaec0679d8120c4717eb74 /lib
parentb40f14f66dd5446c1a2a9b20b3065d5c4726c3a8 (diff)
Fix broken Gist embedding
Looks like GitHub changed their asset system and our CSP prevented the new assets from being loaded. This patch should fix Gist embedding when CSP is enabled by replacing the old URL `https://assets-cdn.github.com` with the new `https://github.githubassets.com`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/csp.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/csp.js b/lib/csp.js
index 96be533a..0bfd5832 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -8,7 +8,7 @@ var defaultDirectives = {
scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', '\'unsafe-eval\''],
// ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594
imgSrc: ['*'],
- styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views
+ styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
fontSrc: ['\'self\'', 'data:', 'https://public.slidesharecdn.com'],
objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
mediaSrc: ['*'],
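Review bot: The new `styleSrc` entry `https://github.githubassets.com` has no comment saying which feature needs it; the trailing comment on that line only explains `'unsafe-inline'`. The host has already changed once on GitHub's side, so I would add a line above it such as `// github.githubassets.com: stylesheet for Gist embeds (formerly assets-cdn.github.com); re-check if embeds break under CSP`. That also records that the entry allows any stylesheet served from that origin and exists only for the Gist feature, so it can be dropped if the embed is ever removed. `defaultDirectives` begins and ends outside this hunk, so I can't tell whether the other third-party hosts are documented elsewhere.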