Merge pull request #1222 from hedgedoc/fix/upgrade_insecure_requests

Fix upgradeInsecureRequests CSP directive
author: David Mehren 2021-05-06 21:18:46 +0200
committer: GitHub 2021-05-06 21:18:46 +0200
commit: 140b2c261c578c414f8251fe577ea996cb02dfc9 (patch)
tree: 8a906871d7736c6b1e6f2c5882a29da1819bcf00 /lib
parent: dc1f621eb84356bcb42e357102ef1ecff73261a6 (diff)
parent: 0b61f48129e666eed4c34dbbf759ab0013153022 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/csp.js b/lib/csp.js
index 108f2a22..08efdd79 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -85,9 +85,9 @@ function getCspNonce (req, res) {
 
 function addUpgradeUnsafeRequestsOptionTo (directives) {
   if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) {
-    directives.upgradeInsecureRequests = true
+    directives.upgradeInsecureRequests = []
   } else if (config.csp.upgradeInsecureRequests === true) {
-    directives.upgradeInsecureRequests = true
+    directives.upgradeInsecureRequests = []
   }
 }
author	David Mehren	2021-05-06 21:18:46 +0200
committer	GitHub	2021-05-06 21:18:46 +0200
commit	140b2c261c578c414f8251fe577ea996cb02dfc9 (patch)
tree	8a906871d7736c6b1e6f2c5882a29da1819bcf00 /lib
parent	dc1f621eb84356bcb42e357102ef1ecff73261a6 (diff)
parent	0b61f48129e666eed4c34dbbf759ab0013153022 (diff)