From 2b2b8d6d1daa0cd8a90459a9592d2c0dd753f8b2 Mon Sep 17 00:00:00 2001 From: Literallie Date: Sat, 21 Oct 2017 00:48:48 +0200 Subject: Allow any connect-src in CSP Managing these for all the integrations seems like a lot of effort --- app.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app.js b/app.js index 8664707d..c382cc35 100644 --- a/app.js +++ b/app.js @@ -145,7 +145,7 @@ if (config.csp.enable) { fontSrc: ['\'self\'', 'https://public.slidesharecdn.com'], objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/ childSrc: ['*'], - connectSrc: ['\'self\'', 'https://links.services.disqus.com', 'wss://realtime.services.disqus.com'] + connectSrc: ['*'] }; var cdnDirectives = { scriptSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.mathjax.org'], -- cgit v1.2.3