Sheogorath ecee16bd73

Fix disqus CSP ...

Disqus loads it's embed config.js from its root domain
(https://disqus.com). Our CSPs only allow subdomains (e.g.:
https://codimd.disqus.com). This causes the disqus embedding to fail.

This patch should fix this problem by adding https://disqus.com to the
CSP setting. From a security perspective there is no real change. Since
still the same parties are involved.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

2018-12-05 13:17:14 +01:00

..

config

Warn on missing serverURL

2018-11-28 14:38:49 +01:00

migrations

Update error message text checks

2018-11-16 23:53:50 +01:00

models

Switch scrypt library to a successor

2018-11-21 01:33:34 +01:00

ot

Fix logging in ot module

2018-11-13 23:30:13 +01:00

web

Merge pull request #1082 from cloudyu/pull

2018-11-28 13:27:38 +01:00

workers

refactor: Remove require extension filename

2017-05-08 19:29:06 +08:00

csp.js

Fix disqus CSP

2018-12-05 13:17:14 +01:00

history.js

Further improvement of error handling for LZString

2018-07-27 15:42:58 +02:00

letter-avatars.js

Fix possible weird objects as email

2018-07-27 13:36:22 +02:00

logger.js

Fix streaming for winston

2018-11-16 11:49:39 +01:00

realtime.js

switching to eslint for code checking

2018-11-14 23:15:36 +01:00

response.js

Disallow creation of robots.txt in freeurl

2018-11-17 13:23:03 +01:00

utils.js

switch to __dirname

2017-06-02 11:34:35 +01:00