summaryrefslogtreecommitdiff
path: root/lib/csp.js
diff options
context:
space:
mode:
Diffstat (limited to 'lib/csp.js')
-rw-r--r--lib/csp.js6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/csp.js b/lib/csp.js
index 96be533a..94e78d02 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -8,7 +8,7 @@ var defaultDirectives = {
scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', '\'unsafe-eval\''],
// ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594
imgSrc: ['*'],
- styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views
+ styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
fontSrc: ['\'self\'', 'data:', 'https://public.slidesharecdn.com'],
objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
mediaSrc: ['*'],
@@ -23,7 +23,7 @@ var cdnDirectives = {
}
var disqusDirectives = {
- scriptSrc: ['https://*.disqus.com', 'https://*.disquscdn.com'],
+ scriptSrc: ['https://disqus.com', 'https://*.disqus.com', 'https://*.disquscdn.com'],
styleSrc: ['https://*.disquscdn.com'],
fontSrc: ['https://*.disquscdn.com']
}
@@ -71,7 +71,7 @@ function addInlineScriptExceptions (directives) {
directives.scriptSrc.push(getCspNonce)
// TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html
// Any more clean solution appreciated.
- directives.scriptSrc.push('\'sha256-L0TsyAQLAc0koby5DCbFAwFfRs9ZxesA+4xg0QDSrdI=\'')
+ directives.scriptSrc.push('\'sha256-Lc+VnBdinzYTTAkFrIoUqdoA9EQFeS1AF9ybmF+LLfM=\'')
}
function getCspNonce (req, res) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-29 19:13:42 +0000