From d939de17df08b7a2ff8302869981f4fc88566cd9 Mon Sep 17 00:00:00 2001
From: Sheogorath
Date: Fri, 30 Mar 2018 16:33:32 +0200
Subject: Fix CSP for disqus and Google Analytics

This commit should fix existing problems with Disqus and Google
Analytics enabled in the meta-yaml section of a note.

Before this commit they were blocked by the strict CSP. It's still
possible to disable the added directives using `addDisqus` and
`addGoogleAnalytics` in the `csp` config section.

They are enabled by default to prevent breaking changes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
---
 lib/config/default.js | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'lib/config/default.js')

diff --git a/lib/config/default.js b/lib/config/default.js
index b6f1af17..68849d36 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -18,6 +18,8 @@ module.exports = {
     directives: {
     },
     addDefaults: true,
+    addDisqus: true,
+    addGoogleAnalytics: true,
     upgradeInsecureRequests: 'auto',
     reportURI: undefined
   },
-- 
cgit v1.2.3