diff options
-rw-r--r-- | lib/csp.js | 2 | ||||
-rw-r--r-- | package.json | 2 |
2 files changed, 2 insertions, 2 deletions
@@ -9,7 +9,7 @@ var defaultDirectives = { // ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594 imgSrc: ['*'], styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views - fontSrc: ['\'self\'', 'https://public.slidesharecdn.com'], + fontSrc: ['\'self\'', 'data:', 'https://public.slidesharecdn.com'], objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/ mediaSrc: ['*'], childSrc: ['*'], diff --git a/package.json b/package.json index 6d461225..6a48e903 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,7 @@ "gist-embed": "~2.6.0", "graceful-fs": "^4.1.11", "handlebars": "^4.0.6", - "helmet": "^3.3.0", + "helmet": "^3.13.0", "highlight.js": "~9.12.0", "i18n": "^0.8.3", "imgur": "git+https://github.com/hackmdio/node-imgur.git", |