CSP: Allow more content types

1 files changed, 7 insertions, 3 deletions

diff --git a/lib/config/default.js b/lib/config/default.js
index 217d11d0..0b6ca26a 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -18,9 +18,13 @@ module.exports = {
     reportUri: '',
     directives: {
       defaultSrc: ["'self'"],
-      scriptSrc: ["'self'"],
-      styleSrc: ["'self'", "'unsafe-inline'"],
-      fontSrc: ["'self'"],
+      scriptSrc: ["'self'", "'unsafe-eval'", "vimeo.com", "https://gist.github.com", "www.slideshare.net", "https://query.yahooapis.com", "https://*.disqus.com"],
+      imgSrc: ["*"],
+      styleSrc: ["'self'", "'unsafe-inline'", "https://assets-cdn.github.com"],
+      fontSrc: ["'self'", "https://public.slidesharecdn.com"],
+      objectSrc: ["*"],
+      childSrc: ["*"],
+      connectSrc: ["'self'", "https://links.services.disqus.com", "wss://realtime.services.disqus.com"]
     },
     upgradeInsecureRequests: 'auto'
   },