diff options
author | Sheogorath | 2018-10-04 03:02:55 +0200 |
---|---|---|
committer | Sheogorath | 2018-10-04 03:04:36 +0200 |
commit | d4a9bb3c7e090f5fbea4df596be0c6261b3b4ac3 (patch) | |
tree | 0cc2f270e785f102a95a308b38824dc2fa3b05cf /lib | |
parent | d9ba11b21a77561ec3f72d5396d48fea32f6389d (diff) |
Add `data:` URL to CSP and upgrade helmet
Seems like the old version of helmet had a problem with `data:`. This
patch upgrades to the latest version and adds the CSP rule to allow
Google Fonts and the offline version of it, to properly include the
fonts and no longer throw ugly error messages at us.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/csp.js | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -9,7 +9,7 @@ var defaultDirectives = { // ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594 imgSrc: ['*'], styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views - fontSrc: ['\'self\'', 'https://public.slidesharecdn.com'], + fontSrc: ['\'self\'', 'data:', 'https://public.slidesharecdn.com'], objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/ mediaSrc: ['*'], childSrc: ['*'], |