summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--lib/csp.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/csp.js b/lib/csp.js
index 616c1d21..108f2a22 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -5,7 +5,7 @@ const CspStrategy = {}
const defaultDirectives = {
defaultSrc: ['\'self\''],
- scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', '\'unsafe-eval\''],
+ scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', '\'unsafe-eval\''],
// ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594
imgSrc: ['*'],
styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views