Merge pull request #1105 from SISheogorath/fix/gistCSP

Fix broken Gist embedding
author: Christoph (Sheogorath) Kern 2018-12-21 18:39:22 +0100
committer: GitHub 2018-12-21 18:39:22 +0100
commit: f9cc2ff0ef56aa5f0a655f9209321460748ba621 (patch)
tree: baba9578304cb3e5f5078cae0e1f450c8bbf66f4 /lib
parent: e4845849dc17a41fe1a95ea67089de2ee6d03d25 (diff)
parent: 0f9e3670154efff084a27d53aad7271103ca29f0 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/csp.js b/lib/csp.js
index 2bc4c125..94e78d02 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -8,7 +8,7 @@ var defaultDirectives = {
   scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', '\'unsafe-eval\''],
   // ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594
   imgSrc: ['*'],
-  styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views
+  styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
   fontSrc: ['\'self\'', 'data:', 'https://public.slidesharecdn.com'],
   objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
   mediaSrc: ['*'],
author	Christoph (Sheogorath) Kern	2018-12-21 18:39:22 +0100
committer	GitHub	2018-12-21 18:39:22 +0100
commit	f9cc2ff0ef56aa5f0a655f9209321460748ba621 (patch)
tree	baba9578304cb3e5f5078cae0e1f450c8bbf66f4 /lib
parent	e4845849dc17a41fe1a95ea67089de2ee6d03d25 (diff)
parent	0f9e3670154efff084a27d53aad7271103ca29f0 (diff)