LailaTheElf/hedgedoc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1222 from hedgedoc/fix/upgrade_insecure_requests

Browse Source 
Fix upgradeInsecureRequests CSP directive
This commit is contained in:
David Mehren 2021-05-06 21:18:46 +02:00 committed by GitHub
commit 140b2c261c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/csp.js
View File

@ -85,9 +85,9 @@ function getCspNonce (req, res) {
function addUpgradeUnsafeRequestsOptionTo (directives) { function addUpgradeUnsafeRequestsOptionTo (directives) {
if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) { if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) {
directives.upgradeInsecureRequests = true directives.upgradeInsecureRequests = []
} else if (config.csp.upgradeInsecureRequests === true) { } else if (config.csp.upgradeInsecureRequests === true) {
directives.upgradeInsecureRequests = true directives.upgradeInsecureRequests = []
} }
} }