LailaTheElf/hedgedoc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add missing unsafe-inline CSP directive

Browse Source 
Dropbox loads an external script that adds inline javascript. Therefore, this addition is needed when enabling dropbox support.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson 2020-08-23 01:29:53 +02:00
parent f821da6c09
commit 8932260360
No known key found for this signature in database
GPG Key ID: DB99ADDDC5C0AF82
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/csp.js
View File

@ -33,7 +33,7 @@ var googleAnalyticsDirectives = {
} }
var dropboxDirectives = { var dropboxDirectives = {
scriptSrc: ['https://www.dropbox.com'] scriptSrc: ['https://www.dropbox.com', '\'unsafe-inline\'']
} }
CspStrategy.computeDirectives = function () { CspStrategy.computeDirectives = function () {